Vulnerabilities > Silverstripe > Silverstripe > 4.9.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-23 | CVE-2022-37421 | Cross-site Scripting vulnerability in Silverstripe Silverstripe silverstripe/cms through 4.11.0 allows XSS. | 5.4 |
| 2022-06-29 | CVE-2022-28803 | Cross-site Scripting vulnerability in Silverstripe In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR). | 5.4 |
| 2022-06-28 | CVE-2021-41559 | XML Entity Expansion vulnerability in Silverstripe Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. | 6.5 |