VYPR

Silverstripe Framework

by Silverstripe

Source repositories

CVEs (12)

  • CVE-2022-38147MedNov 23, 2022
    risk 0.35cvss 5.4epss 0.01

    Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).

  • CVE-2022-37430MedNov 23, 2022
    risk 0.35cvss 5.4epss 0.01

    Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2).

  • CVE-2022-37429MedNov 23, 2022
    risk 0.35cvss 5.4epss 0.00

    Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.

  • CVE-2022-38724MedNov 23, 2022
    risk 0.35cvss 5.4epss 0.01

    Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.

  • CVE-2024-47605MedJan 14, 2025
    risk 0.31cvss 5.4epss 0.01

    silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode,…

  • CVE-2025-30148MedApr 10, 2025
    risk 0.28cvss 5.4epss 0.00

    Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of…

  • CVE-2024-53277MedJan 14, 2025
    risk 0.28cvss 5.4epss 0.00

    Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the…

  • CVE-2024-32981MedJul 17, 2024
    risk 0.28cvss 5.4epss 0.00

    Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could add send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload…

  • CVE-2023-48714MedJan 23, 2024
    risk 0.28cvss 4.3epss 0.00

    Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the…

  • CVE-2023-22729MedApr 26, 2023
    risk 0.28cvss 5.4epss 0.00

    Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a…

  • CVE-2023-22728MedApr 26, 2023
    risk 0.21cvss 4.3epss 0.00

    Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they…

  • CVE-2015-5063Jun 24, 2015
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php.