Silverstripe Framework
by Silverstripe
Source repositories
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-38147 | Med | 0.35 | 5.4 | 0.01 | Nov 23, 2022 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). | ||
| CVE-2022-37430 | Med | 0.35 | 5.4 | 0.01 | Nov 23, 2022 | Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). | ||
| CVE-2022-37429 | Med | 0.35 | 5.4 | 0.00 | Nov 23, 2022 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. | ||
| CVE-2022-38724 | Med | 0.35 | 5.4 | 0.01 | Nov 23, 2022 | Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. | ||
| CVE-2024-47605 | Med | 0.31 | 5.4 | 0.01 | Jan 14, 2025 | silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode,… | ||
| CVE-2025-30148 | Med | 0.28 | 5.4 | 0.00 | Apr 10, 2025 | Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of… | ||
| CVE-2024-53277 | Med | 0.28 | 5.4 | 0.00 | Jan 14, 2025 | Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the… | ||
| CVE-2024-32981 | Med | 0.28 | 5.4 | 0.00 | Jul 17, 2024 | Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could add send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload… | ||
| CVE-2023-48714 | Med | 0.28 | 4.3 | 0.00 | Jan 23, 2024 | Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the… | ||
| CVE-2023-22729 | Med | 0.28 | 5.4 | 0.00 | Apr 26, 2023 | Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a… | ||
| CVE-2023-22728 | Med | 0.21 | 4.3 | 0.00 | Apr 26, 2023 | Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they… | ||
| CVE-2015-5063 | 0.00 | — | 0.02 | Jun 24, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php. |
- risk 0.35cvss 5.4epss 0.01
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).
- risk 0.35cvss 5.4epss 0.01
Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2).
- risk 0.35cvss 5.4epss 0.00
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.
- risk 0.35cvss 5.4epss 0.01
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.
- risk 0.31cvss 5.4epss 0.01
silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode,…
- risk 0.28cvss 5.4epss 0.00
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of…
- risk 0.28cvss 5.4epss 0.00
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the…
- risk 0.28cvss 5.4epss 0.00
Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could add send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload…
- risk 0.28cvss 4.3epss 0.00
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the…
- risk 0.28cvss 5.4epss 0.00
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a…
- risk 0.21cvss 4.3epss 0.00
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they…
- CVE-2015-5063Jun 24, 2015risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php.