Vulnerabilities > Silverstripe > Silverstripe > 2.1.1

DATE CVE VULNERABILITY TITLE RISK
2022-06-29 CVE-2022-28803 Cross-site Scripting vulnerability in Silverstripe
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).
3.5
2022-06-28 CVE-2021-41559 XML Entity Expansion vulnerability in Silverstripe
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
network
low complexity
silverstripe CWE-776
6.5
2022-06-28 CVE-2022-24444 Session Fixation vulnerability in Silverstripe
Silverstripe silverstripe/framework through 4.10 allows Session Fixation.
network
low complexity
silverstripe CWE-384
6.4
2021-10-07 CVE-2021-36150 Cross-site Scripting vulnerability in Silverstripe
SilverStripe Framework through 4.8.1 allows XSS.
4.3
2021-06-08 CVE-2020-26136 Improper Authentication vulnerability in Silverstripe
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.
network
low complexity
silverstripe CWE-287
4.0
2021-06-08 CVE-2020-25817 XXE vulnerability in Silverstripe
SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser.
3.5
2021-06-08 CVE-2020-26138 Improper Input Validation vulnerability in Silverstripe
In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation.
network
low complexity
silverstripe CWE-20
5.0
2020-07-15 CVE-2020-6164 Information Exposure vulnerability in Silverstripe
In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application.
network
low complexity
silverstripe CWE-200
5.0
2020-02-19 CVE-2019-12437 Cross-Site Request Forgery (CSRF) vulnerability in Silverstripe
In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,
6.8
2020-02-19 CVE-2019-12246 Cross-Site Request Forgery (CSRF) vulnerability in Silverstripe
SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools.
4.3