Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist

silverstripe/framework

packagist · The SilverStripe framework · Repository · Package

Security Advisories for silverstripe/framework in packagist

Moderate
6 months ago

Silverstripe Framework user enumeration via timing attack on login and password reset forms GSA_kwCzR0hTQS0yNTZxLWh4OHcteGNxeM4ABGsB

packagist silverstripe/framework
Moderate
6 months ago

Silverstripe Framework has a XSS vulnerability in HTML editor GSA_kwCzR0hTQS1yaHg0LWh2eDktajM4N84ABGrs

packagist silverstripe/framework
Low
8 months ago

Reflected Cross Site Scripting (XSS) in error message GSA_kwCzR0hTQS03NGo5LXhocXItNnF2M84ABDvy

packagist silverstripe/framework
Low
9 months ago

Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message GSA_kwCzR0hTQS1tcWYzLXFwYzMtZzI2cc4ABDXq

packagist silverstripe/framework
Moderate
9 months ago

Silverstripe Framework has a XSS in form messages GSA_kwCzR0hTQS1mZjZxLTNjOWMtNmNmNc4ABDXp

packagist silverstripe/framework
Moderate
9 months ago

Silverstripe Framework has a XSS via insert media remote file oembed GSA_kwCzR0hTQS03Y21wLWNnZzgtNGM4Ms4ABDXo

packagist silverstripe/framework
Moderate
about 1 year ago

Silverstripe uses TinyMCE which allows svg files linked in object tags GSA_kwCzR0hTQS01MmN3LXB2cTktOW01ds4AA9-1

packagist silverstripe/framework
Moderate
about 1 year ago

Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload GSA_kwCzR0hTQS1jaHg3LTl4OGgtcjVtZ84AA9-f

packagist silverstripe/framework
High
over 1 year ago

silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector GSA_kwCzR0hTQS0yNjVxLTIyMngtNTJtNs4AA8i2

packagist silverstripe/framework
High
over 1 year ago

silverstripe/framework has possible denial of service attack vector when flushing GSA_kwCzR0hTQS1jd2dxLTgzdzUtOGpmcc4AA8i1

packagist silverstripe/framework
Moderate
over 1 year ago

silverstripe/framework may disclose database credentials during connection failure GSA_kwCzR0hTQS1tMmhoLTJtNDYteDZqNc4AA8i0

packagist silverstripe/framework
High
over 1 year ago

silverstripe/framework allows upload of dangerous file types GSA_kwCzR0hTQS12Y2c2LThmeGMteDVjcc4AA8iz

packagist silverstripe/framework
Moderate
over 1 year ago

silverstripe/framework vulnerable to member disclosure in login form GSA_kwCzR0hTQS1jcnIzLWg0bTgtN2Y1Ns4AA8iy

packagist silverstripe/framework
Low
over 1 year ago

silverstripe/framework sends passwords back to browsers under some circumstances GSA_kwCzR0hTQS12aDdxLWo4cDUtMmg0aM4AA8ix

packagist silverstripe/framework
Moderate
over 1 year ago

silverstripe/framework uploaded PHP script execution in assets GSA_kwCzR0hTQS1mNDNqLThocTQtMnhqOc4AA8iw

packagist silverstripe/framework
High
over 1 year ago

silverstripe/framework code execution vulnerability GSA_kwCzR0hTQS12Z3hoLXg4anYtaG1mZs4AA8iv

packagist silverstripe/framework
High
over 1 year ago

silverstripe/framework BackURL validation bypass with malformed URLs GSA_kwCzR0hTQS1tNXEzLW12Y3ItZ2M1bc4AA8iu

packagist silverstripe/framework
Moderate
over 1 year ago

silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms GSA_kwCzR0hTQS1yM3ByLWZoMjUtd3JmY84AA8it

packagist silverstripe/framework
Moderate
over 1 year ago

silverstripe/framework Privilege Escalation Risk in Member Edit form GSA_kwCzR0hTQS14cGZmLWMzNWctajNjcs4AA8is

packagist silverstripe/framework
Moderate
over 1 year ago

silverstripe/framework's URL parameters `isDev` and `isTest` unguarded GSA_kwCzR0hTQS01NXFnLTZjNG0tbXc2Z84AA8ir

packagist silverstripe/framework
High
over 1 year ago

silverstripe/framework SQL injection in full text search GSA_kwCzR0hTQS14eDRyLTUyNjUtNDhqNs4AA8iq

packagist silverstripe/framework
Moderate
over 1 year ago

silverstripe/framework users inadvertently passing sensitive data to LoginAttempt GSA_kwCzR0hTQS1waDYyLWZ2NTktdmY5aM4AA8ip

packagist silverstripe/framework
High
over 1 year ago

silverstripe/framework CSV Excel Macro Injection GSA_kwCzR0hTQS1tcWpjLXg1NjMtYzlxOM4AA8io

packagist silverstripe/framework
High
over 1 year ago

silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms GSA_kwCzR0hTQS03bTJ2LXg3cmctNWhtNc4AA8in

packagist silverstripe/framework
High
over 1 year ago

silverstripe/framework's User-Agent header not correctly invalidating user session GSA_kwCzR0hTQS00cXg4LWo5dmgtMjYyOM4AA8im

packagist silverstripe/framework
Moderate
over 1 year ago

silverstripe/framework has Cross-site Scripting vulnerability in page history comparison GSA_kwCzR0hTQS1jNGMzLWo3M3YtNjM0cs4AA8il

packagist silverstripe/framework
Moderate
over 1 year ago

silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage GSA_kwCzR0hTQS1wcDdxLTZqM2YtNzR2as4AA8ik

packagist silverstripe/framework
Moderate
over 1 year ago

silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL GSA_kwCzR0hTQS1yODVnLTdqcHYtOHhyeM4AA8ij

packagist silverstripe/framework
Moderate
over 1 year ago

silverstripe/framework has Cross-site Scripting vulnerability in page name GSA_kwCzR0hTQS1oaHZqLW1jcngtM3ZjZs4AA8ii

packagist silverstripe/framework
Moderate
over 1 year ago

silverstripe/framework member disclosure in login form GSA_kwCzR0hTQS1nODRxLWNxNTUteHdncM4AA8ih

packagist silverstripe/framework
Moderate
over 1 year ago

silverstripe/framework vulnerable to Cross-site Scripting In `OptionsetField` and `CheckboxSetField` GSA_kwCzR0hTQS00NjhqLTZqcmMtMnJqeM4AA8ig

packagist silverstripe/framework
Moderate
over 1 year ago

silverstripe/framework's `Member.Name` is not escaped GSA_kwCzR0hTQS1yOXZwLWZwNzIteGdmN84AA8if

packagist silverstripe/framework
Low
over 1 year ago

silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled GSA_kwCzR0hTQS01cjh3LTY2aHEtcmMzOc4AA8ie

packagist silverstripe/framework
Moderate
over 1 year ago

silverstripe/framework missing ACL on reports GSA_kwCzR0hTQS01MmN4LWhwYzUtY3h3Y84AA8id

packagist silverstripe/framework
Moderate
over 1 year ago

silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()` GSA_kwCzR0hTQS1wNWgyLXZyOTkteG05Oc4AA8ic

packagist silverstripe/framework
Low
over 1 year ago

silverstripe/framework password encryption salt not updated GSA_kwCzR0hTQS1mM3dwLXhwdjItNnZtZ84AA8ib

packagist silverstripe/framework
Moderate
over 1 year ago

silverstripe/framework ReadOnly transformation for formfields exploitable GSA_kwCzR0hTQS05N2ptLWczM2gtZjQ2Z84AA8iQ

packagist silverstripe/framework
Moderate
over 1 year ago

Silverstripe Cross-site scripting vulnerability in VersionedRequestFilter GSA_kwCzR0hTQS1tcHFqLWY0djMtMzM0aM4AA8iP

packagist silverstripe/framework
Moderate
over 1 year ago

Silverstripe Missing CSRF protection in login form GSA_kwCzR0hTQS12ajJqLTZnM3ctNDY2Ms4AA8iO

packagist silverstripe/framework
Critical
over 1 year ago

Silverstripe Brute force bypass on default admin GSA_kwCzR0hTQS04djZtLTdmNXYtaGh4Ns4AA8iN

packagist silverstripe/framework
Moderate
over 1 year ago

Silverstripe XSS in CMS Edit Page GSA_kwCzR0hTQS1tOHY3LXgzOTgtcHhyZs4AA8iM

packagist silverstripe/framework
Moderate
over 1 year ago

Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers GSA_kwCzR0hTQS04N3BmLTd4OTktNXhjNM4AA8iL

packagist silverstripe/framework
Moderate
over 1 year ago

Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter GSA_kwCzR0hTQS0yaHBjLW1mNHEtajg4Nc4AA8iK

packagist silverstripe/framework
Moderate
over 1 year ago

Silverstripe Missing security check on dev/build/defaults GSA_kwCzR0hTQS14NXcyLXdjcjgtOXE0Nc4AA8iJ

packagist silverstripe/framework
Moderate
over 1 year ago

Silverstripe HtmlEditor embed url sanitisation GSA_kwCzR0hTQS1xcDI5LXdjYzItdm1wY84AA8hz

packagist silverstripe/framework
Moderate
over 1 year ago

Silverstripe Form field validation message XSS vulnerability GSA_kwCzR0hTQS1qOTgyLTVqdjctdjQzcs4AA8hy

packagist silverstripe/framework
Moderate
over 1 year ago

Silverstripe framework is vulnerable to XSS in install.php GSA_kwCzR0hTQS1tcWY1LTI3NWgtZ2Y2cs4AA8hx

packagist silverstripe/framework
Moderate
over 1 year ago

SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation GSA_kwCzR0hTQS1nNGhwLXBmdmYtdm01d84AA8hw

packagist silverstripe/framework
Moderate
over 1 year ago

Silverstripe XSS in dev/build returnURL Parameter GSA_kwCzR0hTQS1ocTRwLTVtcHItamo5bc4AA8hv

packagist silverstripe/framework
Moderate
over 1 year ago

Silverstripe External redirection risk in Security?ReturnURL GSA_kwCzR0hTQS12cDhwLWM2eGoteHBqN84AA8hu

packagist silverstripe/framework
High
over 1 year ago

Silverstripe X-Forwarded-Host request hostname injection GSA_kwCzR0hTQS0yNWdxLWp2eDItdmc5eM4AA8ht

packagist silverstripe/framework
Moderate
over 1 year ago

Silverstripe XSS in Director::force_redirect() GSA_kwCzR0hTQS1qcXA4LXY3NHAtZzhweM4AA8hs

packagist silverstripe/framework
Moderate
over 1 year ago

Silverstripe XSS In FormAction GSA_kwCzR0hTQS00aDU0LXZ3eDktM3ZyM84AA8hm

packagist silverstripe/framework
Moderate
over 1 year ago

Silverstripe XSS In rewritten hash links GSA_kwCzR0hTQS0zNHE2LXhxeGgtZ3EzOc4AA8hl

packagist silverstripe/framework
Moderate
over 1 year ago

Silverstripe XSS In GridField print GSA_kwCzR0hTQS04OGpwLTlqcnYtNjM2OM4AA8hj

packagist silverstripe/framework
Moderate
over 1 year ago

Silverstripe XSS in TreeDropdownField and TreeMultiSelectField GSA_kwCzR0hTQS1yMzJqLW1yOHAtaGZwOM4AA8hi

packagist silverstripe/framework
Moderate
over 1 year ago

SilverStripe framework XML Quadratic Blowup Attack GSA_kwCzR0hTQS1nNDN3LTk4d3AtbTY5NM4AA8hh

packagist silverstripe/framework
Moderate
over 1 year ago

Silverstripe IE requests not properly behaving with rewritehashlinks GSA_kwCzR0hTQS01ZjV2LTVjM3YtZ3c1ds4AA8hg

packagist silverstripe/framework
Moderate
over 1 year ago

Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter GSA_kwCzR0hTQS1xbTJqLXF2cTMtajI5ds4AA4oN

packagist silverstripe/framework
Low
about 2 years ago

Silverstripe Framework: Members with no password can be created and bypass custom login forms GSA_kwCzR0hTQS0zNnh4LTd2ZjYtN212M84AA0-N

packagist silverstripe/framework
Moderate
over 2 years ago

Missing permission check of canView in GridFieldPrintButton GSA_kwCzR0hTQS1qaDN3LTZqcDItdnFxbc4AAy-8

packagist silverstripe/framework
Moderate
over 2 years ago

Open redirect vulnerability on CMSSecurity relogin screen GSA_kwCzR0hTQS1mdzg0LXhnbTgtOWptds4AAy-7

packagist silverstripe/framework
High
almost 3 years ago

Blind SQL Injection via GridFieldSortableHeader GSA_kwCzR0hTQS1ycjhoLWY5N3EtOHA5Y84AAv_j

packagist silverstripe/framework
Moderate
almost 3 years ago

Reflected XSS in querystring parameters GSA_kwCzR0hTQS12dnhmLXI0dm0tMnZtNs4AAv_i

packagist silverstripe/framework
Moderate
almost 3 years ago

Stored XSS using HTMLEditor GSA_kwCzR0hTQS13YzZyLTRnZ2MtNzl3Nc4AAv_h

packagist silverstripe/framework
Moderate
almost 3 years ago

Stored XSS using uppercase characters in HTMLEditor GSA_kwCzR0hTQS1xdzR3LXZxOHYtMndjds4AAv_g

packagist silverstripe/framework
Moderate
almost 3 years ago

Silverstripe XSS in shortcodes GSA_kwCzR0hTQS05Y3gyLWhqNm0tZnY1OM4AAv_e

packagist silverstripe/framework, silverstripe/assets
Moderate
over 3 years ago

Quadratic blowup in Convert::xml2array() GSA_kwCzR0hTQS05Zm1nLTg5ZngtcjMzd84AAtB0

packagist silverstripe/framework
Moderate
over 3 years ago

Stored XSS via HTML fields in SilverStripe Framework GSA_kwCzR0hTQS1qeDM0LWdxcXEtcjZnbc4AAtBz

packagist silverstripe/framework
Moderate
over 3 years ago

Stored XSS in link tags added via XHR in SilverStripe Framework GSA_kwCzR0hTQS1ycHBjLTY1NXYtN2ozY84AAtBy

packagist silverstripe/framework
Moderate
over 3 years ago

SilverStripe XXE Vulnerability in CSSContentParser GSA_kwCzR0hTQS0zdmpjLTV4NzktbTlyOM4AAot8

packagist silverstripe/framework
Moderate
over 3 years ago

Silverstripe CMS XSS Vulnerability GSA_kwCzR0hTQS0ycHcyLXFwY3AtbTQ3eM4AAlYo

packagist silverstripe/framework
High
over 3 years ago

Silverstripe CMS information disclosure GSA_kwCzR0hTQS1nbTV4LWhwbXcteHB4Z84AAlYx

packagist silverstripe/framework
Moderate
over 3 years ago

SilverStripe Web Cache Poisoning through HTTPRequestBuilder GSA_kwCzR0hTQS1xOWZmLTNxOTMtZm04bc4AAlTU

packagist silverstripe/framework
High
over 3 years ago

SilverStripe Folders migrated from 3.x may be unsafe to upload to GSA_kwCzR0hTQS01OTJtLTQ1MzMtcnhxOc4AAkYY

packagist silverstripe/assets, silverstripe/userforms, silverstripe/framework
Moderate
over 3 years ago

SilverStripe Denial of Service on flush and development URL tools GSA_kwCzR0hTQS01ZnI4LXhocXEtNHAzcc4AAjo3

packagist silverstripe/framework
Moderate
over 3 years ago

SilverStripe asset-admin Cross-site Scripting (XSS) GSA_kwCzR0hTQS1qZ3cyLWY1bXgtcmc3aM4AAiJr

packagist silverstripe/framework
Moderate
over 3 years ago

Silverstripe Flash Clipboard Reflected XSS GSA_kwCzR0hTQS1yZnZ3LTU4NDgtZ3hjNc4AAiIX

packagist silverstripe/framework, silverstripe/admin
Moderate
over 3 years ago

Silverstripe XSS Vulnerabilities GSA_kwCzR0hTQS12MzU4LXJ2eHItd2ZmeM4AAffv

packagist silverstripe/framework
Moderate
over 3 years ago

SilverStripe CSV Excel Macro Injection GSA_kwCzR0hTQS0yanZqLW1oZjItZzk5d84AAXbC

packagist silverstripe/framework
Moderate
over 3 years ago

Silverstripe CMS Open Redirect GSA_kwCzR0hTQS1maDM1LXA4cGgtcDU0Nc4AAWBS

packagist silverstripe/framework, silverstripe/cms
Low
over 3 years ago

SilverStripe vulnerable to Cross-site Scripting GSA_kwCzR0hTQS13ZzRtLXZ2cDYtMmhjNc4AAV8T

packagist silverstripe/framework, silverstripe/cms
Critical
over 3 years ago

Silverstripe Framework SQLi Vulnerability GSA_kwCzR0hTQS13dmZ3LXczeDYtZzUyNs4AAToq

packagist silverstripe/framework
Moderate
over 3 years ago

FormField with square brackets in field name skips validation GSA_kwCzR0hTQS03bXY0LTR4cGcteHE0NM02AQ

packagist silverstripe/framework
Moderate
over 3 years ago

Business Logic Errors in SilverStripe Framework GSA_kwCzR0hTQS0zMm0yLTlmNzYtNGd2OM0pOg

packagist silverstripe/framework
Moderate
about 5 years ago

Broken access control on files MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzamotMnJ3Yy0ybTNm

packagist silverstripe/framework
Moderate
over 5 years ago

Reflected XSS in SilverStripe MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2cnYtMng3eC03OHgy

packagist silverstripe/framework
Low
almost 6 years ago

SilverStripe Priviledge escalation through cache pollution MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyNTgtNHhnci1nbTZt

packagist silverstripe/framework
Moderate
almost 6 years ago

Session fixation in change password form MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3cjctcjhyOS12cmcy

packagist silverstripe/framework
Critical
almost 6 years ago

Missing warning can lead to unauthenticated admin access in SilverStripe MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnOGotOHc1Mi03MzV2

packagist silverstripe/framework, silverstripe/cms
Moderate
almost 6 years ago

SilverStripe Versioned Files module Unpublished files are exposed publicly MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtNmoteDM0Mi1nd3E5

packagist silverstripe/framework, symbiote/silverstripe-versionedfiles

Filter by Severity

Moderate 67 High 13 Low 8 Critical 3