Vulnerabilities > Silverstripe > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-23 | CVE-2022-38724 | Cross-site Scripting vulnerability in Silverstripe Asset Admin and Assets: Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. | 5.4 |
2022-11-22 | CVE-2022-38462 | Cross-site Scripting vulnerability in Silverstripe Framework: Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. | 6.1 |
2022-11-21 | CVE-2022-38146 | Cross-site Scripting vulnerability in Silverstripe Framework: Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). | 5.4 |
2022-06-28 | CVE-2021-41559 | XML Entity Expansion vulnerability in Silverstripe: Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. | 6.5 |
2022-06-28 | CVE-2022-24444 | Session Fixation vulnerability in Silverstripe: Silverstripe silverstripe/framework through 4.10 allows Session Fixation. | 6.4 |
2022-06-28 | CVE-2022-29858 | Improper Authentication vulnerability in Silverstripe Assets: Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. | 4.0 |
2022-06-09 | CVE-2022-29254 | Interpretation Conflict vulnerability in Silverstripe Silverstripe-Omnipay: silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. | 5.8 |
2021-10-07 | CVE-2021-28661 | Incorrect Authorization vulnerability in Silverstripe: Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass. | 4.0 |
2021-10-07 | CVE-2021-36150 | Cross-site Scripting vulnerability in Silverstripe: SilverStripe Framework through 4.8.1 allows XSS. | 4.3 |
2021-06-08 | CVE-2020-26136 | Improper Authentication vulnerability in Silverstripe: In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication. | 4.0 |