Vulnerabilities > Silverstripe > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-23 | CVE-2023-44401 | Incorrect Authorization vulnerability in Silverstripe Graphql The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. | 5.3 |
| 2024-01-23 | CVE-2023-48714 | Incorrect Permission Assignment for Critical Resource vulnerability in Silverstripe Framework Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. | 4.3 |
| 2024-01-23 | CVE-2023-49783 | Incorrect Authorization vulnerability in Silverstripe Admin Silverstripe Admin provides a basic management interface for the Silverstripe Framework. | 4.3 |
| 2023-04-26 | CVE-2023-22729 | Open Redirect vulnerability in Silverstripe Framework Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. | 6.1 |
| 2023-04-26 | CVE-2023-22728 | Missing Authorization vulnerability in Silverstripe Framework Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. | 4.3 |
| 2022-11-23 | CVE-2022-37421 | Cross-site Scripting vulnerability in Silverstripe Silverstripe silverstripe/cms through 4.11.0 allows XSS. | 5.4 |
| 2022-11-23 | CVE-2022-38147 | Cross-site Scripting vulnerability in Silverstripe Framework Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). | 5.4 |
| 2022-11-23 | CVE-2022-37429 | Cross-site Scripting vulnerability in Silverstripe Framework Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. | 5.4 |
| 2022-11-23 | CVE-2022-37430 | Cross-site Scripting vulnerability in Silverstripe Framework Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). | 5.4 |
| 2022-11-23 | CVE-2022-38145 | Cross-site Scripting vulnerability in Silverstripe Framework Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view. | 5.4 |