Vulnerabilities > Silverstripe > Silverstripe > 4.0.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-19 | CVE-2019-12437 | Cross-Site Request Forgery (CSRF) vulnerability in Silverstripe In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations, | 6.8 |
2020-02-19 | CVE-2019-12246 | Cross-Site Request Forgery (CSRF) vulnerability in Silverstripe SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools. | 4.3 |
2019-09-26 | CVE-2019-12617 | Unspecified vulnerability in Silverstripe In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution. | 4.0 |
2019-09-25 | CVE-2019-12245 | Incorrect Permission Assignment for Critical Resource vulnerability in Silverstripe SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). | 5.0 |
2019-09-25 | CVE-2019-12205 | Cross-site Scripting vulnerability in Silverstripe SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS. | 4.3 |
2019-09-25 | CVE-2019-12203 | Session Fixation vulnerability in Silverstripe SilverStripe through 4.3.3 allows session fixation in the "change password" form. | 3.7 |