Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist silverstripe/framework Security Advisories

Browse all Security Advisories for packagist silverstripe/framework

Loading...
Moderate
GSA_kwCzR0hTQS01MmN3LXB2cTktOW01ds4AA9-1
Silverstripe uses TinyMCE which allows svg files linked in object tags
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1jaHg3LTl4OGgtcjVtZ84AA9-f
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 4 months ago
High
GSA_kwCzR0hTQS0yNjVxLTIyMngtNTJtNs4AA8i2
silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1jd2dxLTgzdzUtOGpmcc4AA8i1
silverstripe/framework has possible denial of service attack vector when flushing
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tMmhoLTJtNDYteDZqNc4AA8i0
silverstripe/framework may disclose database credentials during connection failure
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 6 months ago
High
GSA_kwCzR0hTQS12Y2c2LThmeGMteDVjcc4AA8iz
silverstripe/framework allows upload of dangerous file types
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1jcnIzLWg0bTgtN2Y1Ns4AA8iy
silverstripe/framework vulnerable to member disclosure in login form
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 6 months ago
Low
GSA_kwCzR0hTQS12aDdxLWo4cDUtMmg0aM4AA8ix
silverstripe/framework sends passwords back to browsers under some circumstances
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1mNDNqLThocTQtMnhqOc4AA8iw
silverstripe/framework uploaded PHP script execution in assets
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS12Z3hoLXg4anYtaG1mZs4AA8iv
silverstripe/framework code execution vulnerability
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 6 months ago
High
GSA_kwCzR0hTQS1tNXEzLW12Y3ItZ2M1bc4AA8iu
silverstripe/framework BackURL validation bypass with malformed URLs
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1yM3ByLWZoMjUtd3JmY84AA8it
silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14cGZmLWMzNWctajNjcs4AA8is
silverstripe/framework Privilege Escalation Risk in Member Edit form
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS01NXFnLTZjNG0tbXc2Z84AA8ir
silverstripe/framework's URL parameters `isDev` and `isTest` unguarded
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 6 months ago
High
GSA_kwCzR0hTQS14eDRyLTUyNjUtNDhqNs4AA8iq
silverstripe/framework SQL injection in full text search
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1waDYyLWZ2NTktdmY5aM4AA8ip
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 6 months ago
High
GSA_kwCzR0hTQS1tcWpjLXg1NjMtYzlxOM4AA8io
silverstripe/framework CSV Excel Macro Injection
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: 6 months ago
High
GSA_kwCzR0hTQS03bTJ2LXg3cmctNWhtNc4AA8in
silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS00cXg4LWo5dmgtMjYyOM4AA8im
silverstripe/framework's User-Agent header not correctly invalidating user session
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1jNGMzLWo3M3YtNjM0cs4AA8il
silverstripe/framework has Cross-site Scripting vulnerability in page history comparison
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wcDdxLTZqM2YtNzR2as4AA8ik
silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1yODVnLTdqcHYtOHhyeM4AA8ij
silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1oaHZqLW1jcngtM3ZjZs4AA8ii
silverstripe/framework has Cross-site Scripting vulnerability in page name
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nODRxLWNxNTUteHdncM4AA8ih
silverstripe/framework member disclosure in login form
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00NjhqLTZqcmMtMnJqeM4AA8ig
silverstripe/framework vulnerable to Cross-site Scripting In `OptionsetField` and `CheckboxSetField`
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1yOXZwLWZwNzIteGdmN84AA8if
silverstripe/framework's `Member.Name` is not escaped
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 6 months ago
Low
GSA_kwCzR0hTQS01cjh3LTY2aHEtcmMzOc4AA8ie
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS01MmN4LWhwYzUtY3h3Y84AA8id
silverstripe/framework missing ACL on reports
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wNWgyLXZyOTkteG05Oc4AA8ic
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 6 months ago
Low
GSA_kwCzR0hTQS1mM3dwLXhwdjItNnZtZ84AA8ib
silverstripe/framework password encryption salt not updated
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05N2ptLWczM2gtZjQ2Z84AA8iQ
silverstripe/framework ReadOnly transformation for formfields exploitable
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tcHFqLWY0djMtMzM0aM4AA8iP
Silverstripe Cross-site scripting vulnerability in VersionedRequestFilter
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12ajJqLTZnM3ctNDY2Ms4AA8iO
Silverstripe Missing CSRF protection in login form
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 6 months ago
Critical
GSA_kwCzR0hTQS04djZtLTdmNXYtaGh4Ns4AA8iN
Silverstripe Brute force bypass on default admin
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tOHY3LXgzOTgtcHhyZs4AA8iM
Silverstripe XSS in CMS Edit Page
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04N3BmLTd4OTktNXhjNM4AA8iL
Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yaHBjLW1mNHEtajg4Nc4AA8iK
Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14NXcyLXdjcjgtOXE0Nc4AA8iJ
Silverstripe Missing security check on dev/build/defaults
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xcDI5LXdjYzItdm1wY84AA8hz
Silverstripe HtmlEditor embed url sanitisation
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qOTgyLTVqdjctdjQzcs4AA8hy
Silverstripe Form field validation message XSS vulnerability
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tcWY1LTI3NWgtZ2Y2cs4AA8hx
Silverstripe framework is vulnerable to XSS in install.php
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nNGhwLXBmdmYtdm01d84AA8hw
SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1ocTRwLTVtcHItamo5bc4AA8hv
Silverstripe XSS in dev/build returnURL Parameter
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12cDhwLWM2eGoteHBqN84AA8hu
Silverstripe External redirection risk in Security?ReturnURL
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: 6 months ago
High
GSA_kwCzR0hTQS0yNWdxLWp2eDItdmc5eM4AA8ht
Silverstripe X-Forwarded-Host request hostname injection
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qcXA4LXY3NHAtZzhweM4AA8hs
Silverstripe XSS in Director::force_redirect()
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00aDU0LXZ3eDktM3ZyM84AA8hm
Silverstripe XSS In FormAction
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zNHE2LXhxeGgtZ3EzOc4AA8hl
Silverstripe XSS In rewritten hash links
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04OGpwLTlqcnYtNjM2OM4AA8hj
Silverstripe XSS In GridField print
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1yMzJqLW1yOHAtaGZwOM4AA8hi
Silverstripe XSS in TreeDropdownField and TreeMultiSelectField
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nNDN3LTk4d3AtbTY5NM4AA8hh
SilverStripe framework XML Quadratic Blowup Attack
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS01ZjV2LTVjM3YtZ3c1ds4AA8hg
Silverstripe IE requests not properly behaving with rewritehashlinks
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xbTJqLXF2cTMtajI5ds4AA4oN
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 10 months ago
Low
GSA_kwCzR0hTQS0zNnh4LTd2ZjYtN212M84AA0-N
Silverstripe Framework: Members with no password can be created and bypass custom login forms
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qaDN3LTZqcDItdnFxbc4AAy-8
Missing permission check of canView in GridFieldPrintButton
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mdzg0LXhnbTgtOWptds4AAy-7
Open redirect vulnerability on CMSSecurity relogin screen
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS1ycjhoLWY5N3EtOHA5Y84AAv_j
Blind SQL Injection via GridFieldSortableHeader
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12dnhmLXI0dm0tMnZtNs4AAv_i
Reflected XSS in querystring parameters
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13YzZyLTRnZ2MtNzl3Nc4AAv_h
Stored XSS using HTMLEditor
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xdzR3LXZxOHYtMndjds4AAv_g
Stored XSS using uppercase characters in HTMLEditor
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05Y3gyLWhqNm0tZnY1OM4AAv_e
Silverstripe XSS in shortcodes
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/assets
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05Zm1nLTg5ZngtcjMzd84AAtB0
Quadratic blowup in Convert::xml2array()
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qeDM0LWdxcXEtcjZnbc4AAtBz
Stored XSS via HTML fields in SilverStripe Framework
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ycHBjLTY1NXYtN2ozY84AAtBy
Stored XSS in link tags added via XHR in SilverStripe Framework
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zdmpjLTV4NzktbTlyOM4AAot8
SilverStripe XXE Vulnerability in CSSContentParser
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0ycHcyLXFwY3AtbTQ3eM4AAlYo
Silverstripe CMS XSS Vulnerability
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1nbTV4LWhwbXcteHB4Z84AAlYx
Silverstripe CMS information disclosure
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xOWZmLTNxOTMtZm04bc4AAlTU
SilverStripe Web Cache Poisoning through HTTPRequestBuilder
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS01OTJtLTQ1MzMtcnhxOc4AAkYY
SilverStripe Folders migrated from 3.x may be unsafe to upload to
Ecosystems: packagist
Packages: silverstripe/assets, silverstripe/userforms, silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01ZnI4LXhocXEtNHAzcc4AAjo3
SilverStripe Denial of Service on flush and development URL tools
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qZ3cyLWY1bXgtcmc3aM4AAiJr
SilverStripe asset-admin Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yZnZ3LTU4NDgtZ3hjNc4AAiIX
Silverstripe Flash Clipboard Reflected XSS
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/admin
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12MzU4LXJ2eHItd2ZmeM4AAffv
Silverstripe XSS Vulnerabilities
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yanZqLW1oZjItZzk5d84AAXbC
SilverStripe CSV Excel Macro Injection
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1maDM1LXA4cGgtcDU0Nc4AAWBS
Silverstripe CMS Open Redirect
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13dmZ3LXczeDYtZzUyNs4AAToq
Silverstripe Framework SQLi Vulnerability
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 35.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03bXY0LTR4cGcteHE0NM02AQ
FormField with square brackets in field name skips validation
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zMm0yLTlmNzYtNGd2OM0pOg
Business Logic Errors in SilverStripe Framework
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzamotMnJ3Yy0ybTNm
Broken access control on files
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2cnYtMng3eC03OHgy
Reflected XSS in SilverStripe
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyNTgtNHhnci1nbTZt
SilverStripe Priviledge escalation through cache pollution
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2eDUtcm02cS1neDdw
Lack of access control on upoaded files
Ecosystems: packagist
Packages: silverstripe/assets, silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3cjctcjhyOS12cmcy
Session fixation in change password form
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnOGotOHc1Mi03MzV2
Missing warning can lead to unauthenticated admin access in SilverStripe
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 35.6
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtNmoteDM0Mi1nd3E5
SilverStripe Versioned Files module Unpublished files are exposed publicly
Ecosystems: packagist
Packages: silverstripe/framework, symbiote/silverstripe-versionedfiles
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: about 5 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 5
Ecosystems: 12
Filter by Severity
Moderate 8,836 High 7,269 Critical 3,070 Low 1,144
Filter by Ecosystem
maven 5,864 packagist 4,634 pypi 4,352 npm 3,812 go 2,295 nuget 1,552 cargo 882 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
moodle/moodle 367 magento/community-edition 235 typo3/cms 174 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 thorsten/phpmyfaq 70 symfony/symfony 69 concrete5/concrete5 60 shopware/platform 52 baserproject/basercms 47 craftcms/cms 46 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 froxlor/froxlor 38 nilsteampassnet/teampass 37 mautic/core 37 snipe/snipe-it 35 zendframework/zendframework1 34 shopware/shopware 30 getgrav/grav 29 mediawiki/core 28 centreon/centreon 27 prestashop/prestashop 26 magento/core 24 contao/core-bundle 24 grumpydictator/firefly-iii 23 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 zendframework/zendframework 23 simplesamlphp/simplesamlphp 23 getkirby/cms 22 tribalsystems/zenario 22 funadmin/funadmin 20 laravel/framework 20 contao/contao 19 forkcms/forkcms 18 cockpit-hq/cockpit 18 topthink/framework 18 genix/cms 17 opencart/opencart 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 16 phpbb/phpbb 16 typo3/cms-backend 16 symfony/security-http 15 smarty/smarty 15 ec-cube/ec-cube 15 october/system 15 phpmailer/phpmailer 14 silverstripe/cms 14 bolt/bolt 14 feehi/cms 14 dompdf/dompdf 14 codeigniter4/framework 13 sylius/sylius 13 pimcore/admin-ui-classic-bundle 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 studio-42/elfinder 13 admidio/admidio 13 symfony/http-foundation 12 wwbn/avideo 12 phpoffice/phpspreadsheet 12 phpmyfaq/phpmyfaq 12 tinymce 11 feehi/feehicms 11 nukeviet/nukeviet 11 ezsystems/ezplatform-kernel 11 pagekit/pagekit 11 wallabag/wallabag 11 TinyMCE 11 tinymce/tinymce 11 october/october 10 ssddanbrown/bookstack 10 sulu/sulu 10 yiisoft/yii2 10 ezsystems/ezpublish-legacy 10 concrete5/core 9 bootstrap 9 bootstrap 9 org.webjars:bootstrap 9 contao/core 9 bootstrap 9 statamic/cms 9 alextselegidis/easyappointments 9 twbs/bootstrap 9 kevinpapst/kimai2 9 composer/composer 8 pterodactyl/panel 8 gilacms/gila 8 silverstripe/graphql 8 pimcore/customer-management-framework-bundle 8 mantisbt/mantisbt 8 twig/twig 8 ezsystems/ezplatform-admin-ui 8 croogo/croogo 8 facturascripts/facturascripts 8 codiad/codiad 8 silverstripe/admin 8 october/cms 8 bootstrap-sass 7 backdrop/backdrop 7 symfony/http-kernel 7 bootstrap.sass 7 billz/raspap-webgui 7 passbolt/passbolt_api 7 wpglobus/wpglobus 7 flarum/core 7 october/backend 7 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 vrana/adminer 6 directmailteam/direct-mail 6 pear/archive_tar 6 zoujingli/thinkadmin 6 nystudio107/craft-seomatic 6 icecoder/icecoder 6 yourls/yourls 6 oro/platform 6 in2code/femanager 6 yiisoft/yii2-dev 6 gleez/cms 6 phpseclib/phpseclib 6 elgg/elgg 5 neos/neos 5 ibexa/core 5 bootstrap-sass 5 limesurvey/limesurvey 5 thinkcmf/thinkcmf 5 gugoan/economizzer 5 typo3/cms-install 5 illuminate/database 5 symfony/security-bundle 5 kimai/kimai 5 symfony/security-core 5 phpxmlrpc/phpxmlrpc 5 woocommerce/woocommerce 5 cachethq/cachet 5 bottelet/flarepoint 5 phpservermon/phpservermon 5 simplesamlphp/saml2 5 mautic/core-lib 5 silverstripe/assets 5 neos/flow 5 codeigniter/framework 5 anchorcms/anchor-cms 5 typo3/flow 5 ezsystems/ezplatform 4 ezyang/htmlpurifier 4 pyrocms/pyrocms 4 modx/revolution 4 oro/commerce 4 reportico-web/reportico 4 magento/product-community-edition 4 wp-premium/gravityforms 4 processwire/processwire 4 shopware/storefront 4 friendsofsymfony/user-bundle 4 shopxo/shopxo 4 spatie/browsershot 4 sylius/resource-bundle 4 appwrite/server-ce 4 bref/bref 4 idno/known 4 notrinos/notrinos-erp 4 wintercms/winter 4 bytefury/crater 4 typo3/cms-frontend 4 zendframework/zendopenid 4 evolutioncms/evolution 4 typo3/html-sanitizer 4 adodb/adodb-php 4 codeigniter4/shield 4 automad/automad 4 facade/ignition 3 bbpress/bbpress 3 phenx/php-svg-lib 3 buddypress/buddypress 3 typo3/cms-form 3 yiisoft/yii 3 qcubed/qcubed 3 pixelfed/pixelfed 3 zencart/zencart 3 privatebin/privatebin 3 illuminate/auth 3 verbb/comments 3
Filter by Repository
https://github.com/silverstripe/silverstripe-framework 62 https://github.com/silverstripe/silverstripe-assets 1 https://github.com/silverstripe/silverstripe-admin 1 https://github.com/silverstripe/sapphire 1