Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist silverstripe/framework Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS01MmN3LXB2cTktOW01ds4AA9-1
Silverstripe uses TinyMCE which allows svg files linked in object tags
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1jaHg3LTl4OGgtcjVtZ84AA9-f
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 5 days ago
High
GSA_kwCzR0hTQS0yNjVxLTIyMngtNTJtNs4AA8i2
silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1jd2dxLTgzdzUtOGpmcc4AA8i1
silverstripe/framework has possible denial of service attack vector when flushing
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tMmhoLTJtNDYteDZqNc4AA8i0
silverstripe/framework may disclose database credentials during connection failure
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS12Y2c2LThmeGMteDVjcc4AA8iz
silverstripe/framework allows upload of dangerous file types
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jcnIzLWg0bTgtN2Y1Ns4AA8iy
silverstripe/framework vulnerable to member disclosure in login form
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: about 2 months ago
Low
GSA_kwCzR0hTQS12aDdxLWo4cDUtMmg0aM4AA8ix
silverstripe/framework sends passwords back to browsers under some circumstances
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1mNDNqLThocTQtMnhqOc4AA8iw
silverstripe/framework uploaded PHP script execution in assets
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS12Z3hoLXg4anYtaG1mZs4AA8iv
silverstripe/framework code execution vulnerability
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: about 2 months ago
High
GSA_kwCzR0hTQS1tNXEzLW12Y3ItZ2M1bc4AA8iu
silverstripe/framework BackURL validation bypass with malformed URLs
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1yM3ByLWZoMjUtd3JmY84AA8it
silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14cGZmLWMzNWctajNjcs4AA8is
silverstripe/framework Privilege Escalation Risk in Member Edit form
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01NXFnLTZjNG0tbXc2Z84AA8ir
silverstripe/framework's URL parameters `isDev` and `isTest` unguarded
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS14eDRyLTUyNjUtNDhqNs4AA8iq
silverstripe/framework SQL injection in full text search
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1waDYyLWZ2NTktdmY5aM4AA8ip
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS1tcWpjLXg1NjMtYzlxOM4AA8io
silverstripe/framework CSV Excel Macro Injection
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: about 2 months ago
High
GSA_kwCzR0hTQS03bTJ2LXg3cmctNWhtNc4AA8in
silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS00cXg4LWo5dmgtMjYyOM4AA8im
silverstripe/framework's User-Agent header not correctly invalidating user session
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jNGMzLWo3M3YtNjM0cs4AA8il
silverstripe/framework has Cross-site Scripting vulnerability in page history comparison
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1wcDdxLTZqM2YtNzR2as4AA8ik
silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1yODVnLTdqcHYtOHhyeM4AA8ij
silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1oaHZqLW1jcngtM3ZjZs4AA8ii
silverstripe/framework has Cross-site Scripting vulnerability in page name
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1nODRxLWNxNTUteHdncM4AA8ih
silverstripe/framework member disclosure in login form
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS00NjhqLTZqcmMtMnJqeM4AA8ig
silverstripe/framework vulnerable to Cross-site Scripting In `OptionsetField` and `CheckboxSetField`
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1yOXZwLWZwNzIteGdmN84AA8if
silverstripe/framework's `Member.Name` is not escaped
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 2 months ago
Low
GSA_kwCzR0hTQS01cjh3LTY2aHEtcmMzOc4AA8ie
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01MmN4LWhwYzUtY3h3Y84AA8id
silverstripe/framework missing ACL on reports
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1wNWgyLXZyOTkteG05Oc4AA8ic
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1mM3dwLXhwdjItNnZtZ84AA8ib
silverstripe/framework password encryption salt not updated
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05N2ptLWczM2gtZjQ2Z84AA8iQ
silverstripe/framework ReadOnly transformation for formfields exploitable
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1tcHFqLWY0djMtMzM0aM4AA8iP
Silverstripe Cross-site scripting vulnerability in VersionedRequestFilter
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12ajJqLTZnM3ctNDY2Ms4AA8iO
Silverstripe Missing CSRF protection in login form
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 2 months ago
Critical
GSA_kwCzR0hTQS04djZtLTdmNXYtaGh4Ns4AA8iN
Silverstripe Brute force bypass on default admin
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1tOHY3LXgzOTgtcHhyZs4AA8iM
Silverstripe XSS in CMS Edit Page
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04N3BmLTd4OTktNXhjNM4AA8iL
Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0yaHBjLW1mNHEtajg4Nc4AA8iK
Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS14NXcyLXdjcjgtOXE0Nc4AA8iJ
Silverstripe Missing security check on dev/build/defaults
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1xcDI5LXdjYzItdm1wY84AA8hz
Silverstripe HtmlEditor embed url sanitisation
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1qOTgyLTVqdjctdjQzcs4AA8hy
Silverstripe Form field validation message XSS vulnerability
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1tcWY1LTI3NWgtZ2Y2cs4AA8hx
Silverstripe framework is vulnerable to XSS in install.php
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1nNGhwLXBmdmYtdm01d84AA8hw
SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1ocTRwLTVtcHItamo5bc4AA8hv
Silverstripe XSS in dev/build returnURL Parameter
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12cDhwLWM2eGoteHBqN84AA8hu
Silverstripe External redirection risk in Security?ReturnURL
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: 2 months ago
High
GSA_kwCzR0hTQS0yNWdxLWp2eDItdmc5eM4AA8ht
Silverstripe X-Forwarded-Host request hostname injection
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1qcXA4LXY3NHAtZzhweM4AA8hs
Silverstripe XSS in Director::force_redirect()
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS00aDU0LXZ3eDktM3ZyM84AA8hm
Silverstripe XSS In FormAction
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0zNHE2LXhxeGgtZ3EzOc4AA8hl
Silverstripe XSS In rewritten hash links
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04OGpwLTlqcnYtNjM2OM4AA8hj
Silverstripe XSS In GridField print
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1yMzJqLW1yOHAtaGZwOM4AA8hi
Silverstripe XSS in TreeDropdownField and TreeMultiSelectField
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1nNDN3LTk4d3AtbTY5NM4AA8hh
SilverStripe framework XML Quadratic Blowup Attack
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS01ZjV2LTVjM3YtZ3c1ds4AA8hg
Silverstripe IE requests not properly behaving with rewritehashlinks
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1xbTJqLXF2cTMtajI5ds4AA4oN
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 6 months ago
Low
GSA_kwCzR0hTQS0zNnh4LTd2ZjYtN212M84AA0-N
Silverstripe Framework: Members with no password can be created and bypass custom login forms
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1qaDN3LTZqcDItdnFxbc4AAy-8
Missing permission check of canView in GridFieldPrintButton
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mdzg0LXhnbTgtOWptds4AAy-7
Open redirect vulnerability on CMSSecurity relogin screen
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS1ycjhoLWY5N3EtOHA5Y84AAv_j
Blind SQL Injection via GridFieldSortableHeader
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12dnhmLXI0dm0tMnZtNs4AAv_i
Reflected XSS in querystring parameters
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13YzZyLTRnZ2MtNzl3Nc4AAv_h
Stored XSS using HTMLEditor
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xdzR3LXZxOHYtMndjds4AAv_g
Stored XSS using uppercase characters in HTMLEditor
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05Y3gyLWhqNm0tZnY1OM4AAv_e
Silverstripe XSS in shortcodes
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/assets
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05Zm1nLTg5ZngtcjMzd84AAtB0
Quadratic blowup in Convert::xml2array()
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qeDM0LWdxcXEtcjZnbc4AAtBz
Stored XSS via HTML fields in SilverStripe Framework
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ycHBjLTY1NXYtN2ozY84AAtBy
Stored XSS in link tags added via XHR in SilverStripe Framework
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zdmpjLTV4NzktbTlyOM4AAot8
SilverStripe XXE Vulnerability in CSSContentParser
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0ycHcyLXFwY3AtbTQ3eM4AAlYo
Silverstripe CMS XSS Vulnerability
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nbTV4LWhwbXcteHB4Z84AAlYx
Silverstripe CMS information disclosure
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xOWZmLTNxOTMtZm04bc4AAlTU
SilverStripe Web Cache Poisoning through HTTPRequestBuilder
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS01OTJtLTQ1MzMtcnhxOc4AAkYY
SilverStripe Folders migrated from 3.x may be unsafe to upload to
Ecosystems: packagist
Packages: silverstripe/assets, silverstripe/userforms, silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01ZnI4LXhocXEtNHAzcc4AAjo3
SilverStripe Denial of Service on flush and development URL tools
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qZ3cyLWY1bXgtcmc3aM4AAiJr
SilverStripe asset-admin Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yZnZ3LTU4NDgtZ3hjNc4AAiIX
Silverstripe Flash Clipboard Reflected XSS
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/admin
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12MzU4LXJ2eHItd2ZmeM4AAffv
Silverstripe XSS Vulnerabilities
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yanZqLW1oZjItZzk5d84AAXbC
SilverStripe CSV Excel Macro Injection
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1maDM1LXA4cGgtcDU0Nc4AAWBS
Silverstripe CMS Open Redirect
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS13dmZ3LXczeDYtZzUyNs4AAToq
Silverstripe Framework SQLi Vulnerability
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 35.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03bXY0LTR4cGcteHE0NM02AQ
FormField with square brackets in field name skips validation
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zMm0yLTlmNzYtNGd2OM0pOg
Business Logic Errors in SilverStripe Framework
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzamotMnJ3Yy0ybTNm
Broken access control on files
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2cnYtMng3eC03OHgy
Reflected XSS in SilverStripe
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyNTgtNHhnci1nbTZt
SilverStripe Priviledge escalation through cache pollution
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2eDUtcm02cS1neDdw
Lack of access control on upoaded files
Ecosystems: packagist
Packages: silverstripe/assets, silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3cjctcjhyOS12cmcy
Session fixation in change password form
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnOGotOHc1Mi03MzV2
Missing warning can lead to unauthenticated admin access in SilverStripe
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 35.6
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtNmoteDM0Mi1nd3E5
SilverStripe Versioned Files module Unpublished files are exposed publicly
Ecosystems: packagist
Packages: silverstripe/framework, symbiote/silverstripe-versionedfiles
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: over 4 years ago
Statistics
Advisories: 19,557
Packages: 8,629
Repositories: 5
Ecosystems: 12
Filter by Package
moodle/moodle 342 magento/community-edition 204 typo3/cms 174 pimcore/pimcore 117 dolibarr/dolibarr 111 typo3/cms-core 106 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 91 silverstripe/framework 85 drupal/drupal 76 thorsten/phpmyfaq 70 symfony/symfony 64 librenms/librenms 54 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 craftcms/cms 41 showdoc/showdoc 40 intelliants/subrion 39 froxlor/froxlor 37 nilsteampassnet/teampass 37 shopware/core 36 zendframework/zendframework1 34 snipe/snipe-it 33 shopware/shopware 30 mautic/core 30 getgrav/grav 29 centreon/centreon 27 prestashop/prestashop 26 mediawiki/core 24 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 zendframework/zendframework 23 simplesamlphp/simplesamlphp 23 grumpydictator/firefly-iii 23 getkirby/cms 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 cockpit-hq/cockpit 18 forkcms/forkcms 18 contao/contao 18 opencart/opencart 17 cakephp/cakephp 17 ezsystems/ezpublish-kernel 17 topthink/framework 17 francoisjacquet/rosariosis 17 genix/cms 17 symfony/security 17 yetiforce/yetiforce-crm 16 october/system 15 openmage/magento-lts 15 ec-cube/ec-cube 15 smarty/smarty 15 symfony/security-http 14 phpmailer/phpmailer 14 silverstripe/cms 14 typo3/cms-backend 14 lavalite/cms 13 elefant/cms 13 bolt/bolt 13 codeigniter4/framework 13 impresscms/impresscms 13 studio-42/elfinder 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 sylius/sylius 12 dompdf/dompdf 12 feehi/feehicms 11 tinymce/tinymce 11 TinyMCE 11 pimcore/admin-ui-classic-bundle 11 symfony/http-foundation 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 wwbn/avideo 11 tinymce 11 yiisoft/yii2 10 pagekit/pagekit 10 ezsystems/ezpublish-legacy 10 nukeviet/nukeviet 10 ssddanbrown/bookstack 10 wallabag/wallabag 10 admidio/admidio 10 funadmin/funadmin 9 alextselegidis/easyappointments 9 kevinpapst/kimai2 9 concrete5/core 9 contao/core 9 october/october 9 sulu/sulu 8 statamic/cms 8 composer/composer 8 codiad/codiad 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 october/cms 8 facturascripts/facturascripts 8 croogo/croogo 8 silverstripe/graphql 8 silverstripe/admin 8 ezsystems/ezplatform-admin-ui 7 flarum/core 7 mantisbt/mantisbt 7 wpglobus/wpglobus 7 symfony/http-kernel 7 october/backend 7 passbolt/passbolt_api 7 pterodactyl/panel 7 zoujingli/thinkadmin 6 directmailteam/direct-mail 6 phpseclib/phpseclib 6 yiisoft/yii2-dev 6 bagisto/bagisto 6 automad/automad 6 dweeves/magmi 6 in2code/femanager 6 vrana/adminer 6 yourls/yourls 6 guzzlehttp/guzzle 6 nystudio107/craft-seomatic 6 backdrop/backdrop 6 oro/platform 6 gleez/cms 6 twig/twig 5 symfony/security-core 5 phpxmlrpc/phpxmlrpc 5 woocommerce/woocommerce 5 elgg/elgg 5 neos/flow 5 neos/neos 5 ibexa/core 5 billz/raspap-webgui 5 gugoan/economizzer 5 thinkcmf/thinkcmf 5 silverstripe/assets 5 bottelet/flarepoint 5 simplesamlphp/saml2 5 phpservermon/phpservermon 5 typo3/cms-install 5 cachethq/cachet 5 pear/archive_tar 5 typo3/flow 5 codeigniter/framework 5 illuminate/database 5 anchorcms/anchor-cms 5 processwire/processwire 4 shopware/storefront 4 idno/known 4 evolutioncms/evolution 4 ezsystems/ezplatform 4 codeigniter4/shield 4 appwrite/server-ce 4 kimai/kimai 4 symfony/security-bundle 4 magento/product-community-edition 4 adodb/adodb-php 4 bytefury/crater 4 sylius/resource-bundle 4 pyrocms/pyrocms 4 modx/revolution 4 shopxo/shopxo 4 notrinos/notrinos-erp 4 zendframework/zendopenid 4 spatie/browsershot 4 oro/commerce 4 typo3/cms-frontend 4 wp-premium/gravityforms 4 bref/bref 4 friendsofsymfony/user-bundle 4 typo3/html-sanitizer 4 wintercms/winter 4 bbpress/bbpress 3 privatebin/privatebin 3 reportico-web/reportico 3 zendframework/zend-http 3 ckeditor4 3 enhavo/enhavo-app 3 joomla/framework 3 phpoffice/phpspreadsheet 3 buddypress/buddypress 3 symfony/form 3 qcubed/qcubed 3 zencart/zencart 3 typo3/cms-form 3 amphp/http-client 3 joomla/joomla-cms 3 verbb/comments 3 zendframework/zend-diactoros 3 icecoder/icecoder 3 apache-solr-for-typo3/solr 3 flarum/framework 3 doctrine/orm 3 rudloff/alltube 3 froala/wysiwyg-editor 3 pixelfed/pixelfed 3 limesurvey/limesurvey 3 yiisoft/yii 3