Vulnerabilities > Silverstripe > Silverstripe > 4.6.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-23 | CVE-2022-37421 | Cross-site Scripting vulnerability in Silverstripe Silverstripe silverstripe/cms through 4.11.0 allows XSS. | 5.4 |
2022-06-29 | CVE-2022-28803 | Cross-site Scripting vulnerability in Silverstripe In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR). | 3.5 |
2022-06-28 | CVE-2021-41559 | XML Entity Expansion vulnerability in Silverstripe Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. | 6.5 |
2021-10-07 | CVE-2021-36150 | Cross-site Scripting vulnerability in Silverstripe SilverStripe Framework through 4.8.1 allows XSS. | 4.3 |
2021-06-08 | CVE-2020-26136 | Improper Authentication vulnerability in Silverstripe In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication. | 4.0 |
2021-06-08 | CVE-2020-25817 | XXE vulnerability in Silverstripe SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. | 3.5 |
2021-06-08 | CVE-2020-26138 | Improper Input Validation vulnerability in Silverstripe In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation. | 5.0 |