Package impact

Packagist / silverstripe/framework

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2015-5062	medium	—	5.8				11y ago	Silverstripe CMS Open Redirect
CVE-2012-4968	medium	—	4.3				14y ago	Silverstripe XSS Vulnerabilities
CVE-2010-1593	medium	—	4.3				16y ago	SilverStripe vulnerable to Cross-site Scripting
CVE-2024-47605	unknown	—	1.0				1y ago	Silverstripe Framework has a XSS via insert media remote file oembed
CVE-2025-30148	unknown	—	—				1y ago	Silverstripe Framework has a XSS vulnerability in HTML editor
CVE-2024-53277	unknown	—	—				1y ago	Silverstripe Framework has a XSS in form messages
CVE-2024-32981	unknown	—	—				2y ago	Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload
CVE-2023-48714	unknown	—	—				2y ago	Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
CVE-2023-32302	unknown	—	—				3y ago	Silverstripe Framework: Members with no password can be created and bypass custom login forms
CVE-2023-22728	unknown	—	—				3y ago	Missing permission check of canView in GridFieldPrintButton
CVE-2023-22729	unknown	—	—				3y ago	Open redirect vulnerability on CMSSecurity relogin screen
CVE-2022-38148	unknown	—	—				4y ago	Blind SQL Injection via GridFieldSortableHeader
CVE-2022-38462	unknown	—	—				4y ago	Reflected XSS in querystring parameters
CVE-2022-37429	unknown	—	—				4y ago	Stored XSS using HTMLEditor
CVE-2022-37430	unknown	—	—				4y ago	Stored XSS using uppercase characters in HTMLEditor
CVE-2022-38724	unknown	—	—				4y ago	Silverstripe XSS in shortcodes
CVE-2021-41559	unknown	—	—				4y ago	Quadratic blowup in Convert::xml2array()
CVE-2022-25238	unknown	—	—				4y ago	Stored XSS via HTML fields in SilverStripe Framework
CVE-2022-28803	unknown	—	—				4y ago	Stored XSS in link tags added via XHR in SilverStripe Framework
CVE-2020-25817	unknown	—	—				4y ago	SilverStripe XXE Vulnerability in CSSContentParser
CVE-2020-9311	unknown	—	—				4y ago	Silverstripe CMS XSS Vulnerability
CVE-2020-6164	unknown	—	—				4y ago	Silverstripe CMS information disclosure
CVE-2019-19326	unknown	—	—				4y ago	SilverStripe Web Cache Poisoning through HTTPRequestBuilder
CVE-2020-9280	unknown	—	—				4y ago	SilverStripe Folders migrated from 3.x may be unsafe to upload to
CVE-2019-12246	unknown	—	—				4y ago	SilverStripe Denial of Service on flush and development URL tools
CVE-2019-14272	unknown	—	—				4y ago	SilverStripe asset-admin Cross-site Scripting (XSS)
CVE-2019-12205	unknown	—	—				4y ago	Silverstripe Flash Clipboard Reflected XSS
CVE-2017-18049	unknown	—	—				4y ago	SilverStripe CSV Excel Macro Injection
CVE-2019-5715	unknown	—	—				4y ago	Silverstripe Framework SQLi Vulnerability
CVE-2020-26138	unknown	—	—				4y ago	FormField with square brackets in field name skips validation
CVE-2022-0227	unknown	—	—				4y ago	Business Logic Errors in SilverStripe Framework
CVE-2019-14273	unknown	—	—				6y ago	Broken access control on files
CVE-2019-19325	unknown	—	—				6y ago	Reflected XSS in SilverStripe
CVE-2019-12617	unknown	—	—				7y ago	SilverStripe Priviledge escalation through cache pollution
CVE-2019-12245	unknown	—	—				7y ago	Lack of access control on upoaded files
CVE-2019-12203	unknown	—	—				7y ago	Session fixation in change password form
CVE-2019-12204	unknown	—	—				7y ago	Missing warning can lead to unauthenticated admin access in SilverStripe
CVE-2019-16409	unknown	—	—				7y ago	SilverStripe Versioned Files module Unpublished files are exposed publicly