| Severity | CVSS score | Advisory | Affected versions |
|---|---|---|---|
| CRITICAL | 9.8 | CVE-2019-5715 Silverstripe Framework SQLi Vulnerability | >= 3.0.0, < 3.6.7 |
| CRITICAL | 9.8 | CVE-2019-12204 Missing warning can lead to unauthenticated admin access in SilverStripe | >= 4.1.0, < 4.3.5 |
| HIGH | 8.8 | Blind SQL Injection via GridFieldSortableHeader | >= 4.0.0, < 4.10.11 |
| HIGH | 7.5 | Silverstripe CMS information disclosure | >= 4.0.0, < 4.4.7 |
| HIGH | 7.5 | SilverStripe Folders migrated from 3.x may be unsafe to upload to | >= 4.0.0, < 4.4.6 |
| MEDIUM | 6.5 | Quadratic blowup in Convert::xml2array() | >= 4.0.0, < 4.10.9 |
| MEDIUM | 6.3 | Session fixation in change password form | >= 3.7.0, < 3.7.4 |
| MEDIUM | 6.1 | Open redirect vulnerability on CMSSecurity relogin screen | from 0, < 4.12.5 |
| MEDIUM | 6.1 | Reflected XSS in querystring parameters | >= 4.0.0, < 4.11.13 |
| MEDIUM | 6.1 | Silverstripe Flash Clipboard Reflected XSS | >= 3.0.0, < 4.3.5 |
| MEDIUM | 6.1 | Reflected XSS in SilverStripe | >= 4.5.0, < 4.5.2 |
| MEDIUM | 5.9 | SilverStripe Web Cache Poisoning through HTTPRequestBuilder | >= 4.0.0, < 4.4.7 |
| MEDIUM | 5.5 | SilverStripe CSV Excel Macro Injection | from 0, < 3.5.6 |
| MEDIUM | 5.4 | Silverstripe Framework has an XSS vulnerability in HTML editor | from 0, < 5.3.23 |
| MEDIUM | 5.4 | Silverstripe Framework has an XSS in form messages | from 0, < 5.3.8 |
| MEDIUM | 5.4 | Silverstripe Framework has an XSS via insert media remote file oembed | from 0, < 5.3.8 |
| MEDIUM | 5.4 | Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload | from 0, < 5.2.16 |
| MEDIUM | 5.4 | Stored XSS using HTMLEditor | >= 4.0.0, < 4.11.13 |
| MEDIUM | 5.4 | Stored XSS using uppercase characters in HTMLEditor | >= 4.0.0, < 4.11.13 |
| MEDIUM | 5.4 | Silverstripe XSS in shortcodes | >= 4.0.0, < 4.11.13 |
| MEDIUM | 5.4 | Stored XSS via HTML fields in SilverStripe Framework | >= 4.0.0, < 4.10.9 |
| MEDIUM | 5.4 | Stored XSS in link tags added via XHR in SilverStripe Framework | >= 4.0.0, < 4.10.9 |
| MEDIUM | 5.4 | Silverstripe CMS XSS Vulnerability | >= 3.0.0, < 3.7.5 |
| MEDIUM | 5.4 | SilverStripe asset-admin Cross-site Scripting (XSS) | >= 4.0.0, < 4.3.5 |
| MEDIUM | 5.3 | FormField with square brackets in field name skips validation | >= 3.0.0, < 4.7.4 |
| MEDIUM | 5.3 | Broken access control on files | >= 4.0.0, < 4.3.5 |
| MEDIUM | 5.3 | Lack of access control on uploaded files | from 0, < 3.6.8 |
| MEDIUM | 5.3 | SilverStripe Versioned Files module: unpublished files are exposed publicly | >= 4.0.0, < 4.3.5 |
| MEDIUM | 4.8 | SilverStripe XXE Vulnerability in CSSContentParser | >= 4.0.0, < 4.7.4 |
| MEDIUM | 4.3 | Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter | from 0, < 4.13.39 |
| MEDIUM | 4.3 | Missing permission check of canView in GridFieldPrintButton | from 0, < 4.12.5 |
| MEDIUM | 4.3 | SilverStripe Denial of Service on flush and development URL tools | >= 4.0.0, < 4.4.0 |
| MEDIUM | 4.3 | Business Logic Errors in SilverStripe Framework | from 0, < 4.10.1 |
| LOW | 2.7 | SilverStripe Privilege escalation through cache pollution | >= 4.4.0, < 4.4.4 |
| NONE | 0.0 | Silverstripe Framework: Members with no password can be created and bypass custom login forms | >= 3.0.0, < 4.13.14 |
| — | | Silverstripe XSS Vulnerabilities | >= 2.3, < 2.3.13 |
| — | | Silverstripe CMS Open Redirect | from 0, <= 3.1.13 |
| — | | SilverStripe vulnerable to Cross-site Scripting | from 0, < 2.3.5 |