Vulnerabilites related to silverstripe - silverstripe
CVE-2011-4959 (GCVE-0-2011-4959)
Vulnerability from cvelistv5
Published
2012-09-17 17:00
Modified
2024-09-17 02:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in the addslashes method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6, when connected to a MySQL database using far east character encodings, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/silverstripe/sapphire/commit/73cca09 | x_refsource_CONFIRM | |
| https://github.com/silverstripe/silverstripe-cms/commit/b5ea2f6 | x_refsource_CONFIRM | |
| https://github.com/silverstripe/sapphire/commit/ca78784 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12 | x_refsource_CONFIRM | |
| http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/silverstripe/sapphire/commit/73cca09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-cms/commit/b5ea2f6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/silverstripe/sapphire/commit/ca78784"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the addslashes method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6, when connected to a MySQL database using far east character encodings, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-17T17:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/silverstripe/sapphire/commit/73cca09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/silverstripe/silverstripe-cms/commit/b5ea2f6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/silverstripe/sapphire/commit/ca78784"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the addslashes method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6, when connected to a MySQL database using far east character encodings, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/silverstripe/sapphire/commit/73cca09",
"refsource": "CONFIRM",
"url": "https://github.com/silverstripe/sapphire/commit/73cca09"
},
{
"name": "https://github.com/silverstripe/silverstripe-cms/commit/b5ea2f6",
"refsource": "CONFIRM",
"url": "https://github.com/silverstripe/silverstripe-cms/commit/b5ea2f6"
},
{
"name": "https://github.com/silverstripe/sapphire/commit/ca78784",
"refsource": "CONFIRM",
"url": "https://github.com/silverstripe/sapphire/commit/ca78784"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4959",
"datePublished": "2012-09-17T17:00:00Z",
"dateReserved": "2011-12-23T00:00:00Z",
"dateUpdated": "2024-09-17T02:10:53.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5094 (GCVE-0-2010-5094)
Vulnerability from cvelistv5
Published
2012-08-26 18:00
Modified
2024-09-17 00:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt mod_rewrite-less URL routing."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/05/01/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.silverstripe.org/security-releases | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| http://open.silverstripe.org/changeset/101227 | x_refsource_CONFIRM | |
| http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.7 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.silverstripe.org/security-releases"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/101227"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and \"disrupt mod_rewrite-less URL routing.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-26T18:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.silverstripe.org/security-releases"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/101227"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and \"disrupt mod_rewrite-less URL routing.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "http://www.silverstripe.org/security-releases",
"refsource": "CONFIRM",
"url": "http://www.silverstripe.org/security-releases"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "http://open.silverstripe.org/changeset/101227",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/101227"
},
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.7",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5094",
"datePublished": "2012-08-26T18:00:00Z",
"dateReserved": "2012-04-30T00:00:00Z",
"dateUpdated": "2024-09-17T00:11:21.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4961 (GCVE-0-2011-4961)
Vulnerability from cvelistv5
Published
2012-09-17 17:00
Modified
2024-09-16 17:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote authenticated users with the EDIT_PERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected groups.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/silverstripe/sapphire/commit/de1f070 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12 | x_refsource_CONFIRM | |
| http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/silverstripe/sapphire/commit/de1f070"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote authenticated users with the EDIT_PERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected groups."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-17T17:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/silverstripe/sapphire/commit/de1f070"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote authenticated users with the EDIT_PERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected groups."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/silverstripe/sapphire/commit/de1f070",
"refsource": "CONFIRM",
"url": "https://github.com/silverstripe/sapphire/commit/de1f070"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4961",
"datePublished": "2012-09-17T17:00:00Z",
"dateReserved": "2011-12-23T00:00:00Z",
"dateUpdated": "2024-09-16T17:19:06.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12437 (GCVE-0-2019-12437)
Vulnerability from cvelistv5
Published
2020-02-19 16:28
Modified
2024-08-04 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/ | x_refsource_CONFIRM | |
| https://www.silverstripe.org/blog/tag/release | x_refsource_MISC | |
| https://forum.silverstripe.org/c/releases | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:40.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.silverstripe.org/c/releases"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-19T16:28:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.silverstripe.org/c/releases"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"name": "https://www.silverstripe.org/blog/tag/release",
"refsource": "MISC",
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"name": "https://forum.silverstripe.org/c/releases",
"refsource": "MISC",
"url": "https://forum.silverstripe.org/c/releases"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12437",
"datePublished": "2020-02-19T16:28:06",
"dateReserved": "2019-05-28T00:00:00",
"dateUpdated": "2024-08-04T23:17:40.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4958 (GCVE-0-2011-4958)
Vulnerability from cvelistv5
Published
2014-04-08 14:00
Modified
2024-08-07 00:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/520050/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.4.6 | x_refsource_CONFIRM | |
| http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.3.12 | x_refsource_CONFIRM | |
| http://osvdb.org/76258 | vdb-entry, x_refsource_OSVDB | |
| https://github.com/silverstripe/sapphire/commit/bdd6391 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/46390 | third-party-advisory, x_refsource_SECUNIA | |
| https://github.com/silverstripe/sapphire/commit/52a895f | x_refsource_CONFIRM | |
| https://github.com/silverstripe/sapphire/commit/16c3235 | x_refsource_CONFIRM | |
| http://www.rul3z.de/advisories/SSCHADV2011-024.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20111008 SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520050/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.4.6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.3.12"
},
{
"name": "76258",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/76258"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/silverstripe/sapphire/commit/bdd6391"
},
{
"name": "46390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46390"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/silverstripe/sapphire/commit/52a895f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/silverstripe/sapphire/commit/16c3235"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rul3z.de/advisories/SSCHADV2011-024.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20111008 SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520050/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.4.6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.3.12"
},
{
"name": "76258",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/76258"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/silverstripe/sapphire/commit/bdd6391"
},
{
"name": "46390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46390"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/silverstripe/sapphire/commit/52a895f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/silverstripe/sapphire/commit/16c3235"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rul3z.de/advisories/SSCHADV2011-024.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20111008 SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520050/100/0/threaded"
},
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.4.6",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.4.6"
},
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.3.12",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.3.12"
},
{
"name": "76258",
"refsource": "OSVDB",
"url": "http://osvdb.org/76258"
},
{
"name": "https://github.com/silverstripe/sapphire/commit/bdd6391",
"refsource": "CONFIRM",
"url": "https://github.com/silverstripe/sapphire/commit/bdd6391"
},
{
"name": "46390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46390"
},
{
"name": "https://github.com/silverstripe/sapphire/commit/52a895f",
"refsource": "CONFIRM",
"url": "https://github.com/silverstripe/sapphire/commit/52a895f"
},
{
"name": "https://github.com/silverstripe/sapphire/commit/16c3235",
"refsource": "CONFIRM",
"url": "https://github.com/silverstripe/sapphire/commit/16c3235"
},
{
"name": "http://www.rul3z.de/advisories/SSCHADV2011-024.txt",
"refsource": "MISC",
"url": "http://www.rul3z.de/advisories/SSCHADV2011-024.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4958",
"datePublished": "2014-04-08T14:00:00",
"dateReserved": "2011-12-23T00:00:00",
"dateUpdated": "2024-08-07T00:23:39.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6165 (GCVE-0-2020-6165)
Vulnerability from cvelistv5
Published
2020-07-15 20:27
Modified
2024-08-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited (e.g., through pagination), resulting in records that should have failed a permission check being added to the final result set. GraphQL endpoints are configured by default (e.g., for assets), but the admin/graphql endpoint is access protected by default. This limits the vulnerability to all authenticated users, including those with limited permissions (e.g., where viewing records exposed through admin/graphql requires administrator permissions). However, if custom GraphQL endpoints have been configured for a specific implementation (usually under /graphql), this vulnerability could also be exploited through unauthenticated requests. This vulnerability only applies to reading records; it does not allow unauthorised changing of records.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/CVE-2020-6165 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:55:21.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-6165"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited (e.g., through pagination), resulting in records that should have failed a permission check being added to the final result set. GraphQL endpoints are configured by default (e.g., for assets), but the admin/graphql endpoint is access protected by default. This limits the vulnerability to all authenticated users, including those with limited permissions (e.g., where viewing records exposed through admin/graphql requires administrator permissions). However, if custom GraphQL endpoints have been configured for a specific implementation (usually under /graphql), this vulnerability could also be exploited through unauthenticated requests. This vulnerability only applies to reading records; it does not allow unauthorised changing of records."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T20:27:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-6165"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-6165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited (e.g., through pagination), resulting in records that should have failed a permission check being added to the final result set. GraphQL endpoints are configured by default (e.g., for assets), but the admin/graphql endpoint is access protected by default. This limits the vulnerability to all authenticated users, including those with limited permissions (e.g., where viewing records exposed through admin/graphql requires administrator permissions). However, if custom GraphQL endpoints have been configured for a specific implementation (usually under /graphql), this vulnerability could also be exploited through unauthenticated requests. This vulnerability only applies to reading records; it does not allow unauthorised changing of records."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2020-6165",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-6165"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-6165",
"datePublished": "2020-07-15T20:27:39",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T08:55:21.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1593 (GCVE-0-2010-1593)
Vulnerability from cvelistv5
Published
2010-04-28 23:00
Modified
2024-08-07 01:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka the search script).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:41.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.silverstripe.org/security-releases/"
},
{
"name": "61921",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61921"
},
{
"name": "38347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38347"
},
{
"name": "61923",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61923"
},
{
"name": "20100122 Silverstripe \u003c= v2.3.4: two XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509139/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/wiki/ChangeLog/2.3.5"
},
{
"name": "silverstripe-comment-xss(55838)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55838"
},
{
"name": "37923",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37923"
},
{
"name": "20100122 Silverstripe \u003c= v2.3.4: two XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0450.html"
},
{
"name": "silverstripe-search-xss(55839)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55839"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/f51749342eee9456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/97074"
},
{
"name": "38290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38290"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka the search script)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.silverstripe.org/security-releases/"
},
{
"name": "61921",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61921"
},
{
"name": "38347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38347"
},
{
"name": "61923",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61923"
},
{
"name": "20100122 Silverstripe \u003c= v2.3.4: two XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509139/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/wiki/ChangeLog/2.3.5"
},
{
"name": "silverstripe-comment-xss(55838)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55838"
},
{
"name": "37923",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37923"
},
{
"name": "20100122 Silverstripe \u003c= v2.3.4: two XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0450.html"
},
{
"name": "silverstripe-search-xss(55839)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55839"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/f51749342eee9456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/97074"
},
{
"name": "38290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38290"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka the search script)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.silverstripe.org/security-releases/",
"refsource": "CONFIRM",
"url": "http://www.silverstripe.org/security-releases/"
},
{
"name": "61921",
"refsource": "OSVDB",
"url": "http://osvdb.org/61921"
},
{
"name": "38347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38347"
},
{
"name": "61923",
"refsource": "OSVDB",
"url": "http://osvdb.org/61923"
},
{
"name": "20100122 Silverstripe \u003c= v2.3.4: two XSS vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509139/100/0/threaded"
},
{
"name": "http://open.silverstripe.org/wiki/ChangeLog/2.3.5",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/wiki/ChangeLog/2.3.5"
},
{
"name": "silverstripe-comment-xss(55838)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55838"
},
{
"name": "37923",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37923"
},
{
"name": "20100122 Silverstripe \u003c= v2.3.4: two XSS vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0450.html"
},
{
"name": "silverstripe-search-xss(55839)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55839"
},
{
"name": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/f51749342eee9456",
"refsource": "CONFIRM",
"url": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/f51749342eee9456"
},
{
"name": "http://open.silverstripe.org/changeset/97074",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/97074"
},
{
"name": "38290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38290"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1593",
"datePublished": "2010-04-28T23:00:00",
"dateReserved": "2010-04-28T00:00:00",
"dateUpdated": "2024-08-07T01:28:41.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19325 (GCVE-0-2019-19325)
Vulnerability from cvelistv5
Published
2020-02-17 19:59
Modified
2024-08-05 02:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/cve-2019-19325 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:46.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2019-19325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user\u0027s credentials or other sensitive user input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T19:59:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2019-19325"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user\u0027s credentials or other sensitive user input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/cve-2019-19325",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/cve-2019-19325"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19325",
"datePublished": "2020-02-17T19:59:29",
"dateReserved": "2019-11-27T00:00:00",
"dateUpdated": "2024-08-05T02:16:46.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5095 (GCVE-0-2010-5095)
Vulnerability from cvelistv5
Published
2012-08-26 18:00
Modified
2024-08-07 04:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before 2.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to DataObjectSet pagination.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/05/01/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.silverstripe.org/security-releases | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56546 | vdb-entry, x_refsource_XF | |
| http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.6 | x_refsource_CONFIRM | |
| http://groups.google.com/group/silverstripe-announce/browse_thread/thread/c75fbd7926ed2725?tvc=2&fwc=1 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/38697 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/38394 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/62541 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.silverstripe.org/security-releases"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "silverstripe-dataobjectset-xss(56546)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56546"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/c75fbd7926ed2725?tvc=2\u0026fwc=1"
},
{
"name": "38697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38697"
},
{
"name": "38394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38394"
},
{
"name": "62541",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/62541"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before 2.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to DataObjectSet pagination."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.silverstripe.org/security-releases"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "silverstripe-dataobjectset-xss(56546)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56546"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/c75fbd7926ed2725?tvc=2\u0026fwc=1"
},
{
"name": "38697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38697"
},
{
"name": "38394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38394"
},
{
"name": "62541",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/62541"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before 2.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to DataObjectSet pagination."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "http://www.silverstripe.org/security-releases",
"refsource": "CONFIRM",
"url": "http://www.silverstripe.org/security-releases"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "silverstripe-dataobjectset-xss(56546)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56546"
},
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.6",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.6"
},
{
"name": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/c75fbd7926ed2725?tvc=2\u0026fwc=1",
"refsource": "CONFIRM",
"url": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/c75fbd7926ed2725?tvc=2\u0026fwc=1"
},
{
"name": "38697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38697"
},
{
"name": "38394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38394"
},
{
"name": "62541",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62541"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5095",
"datePublished": "2012-08-26T18:00:00",
"dateReserved": "2012-04-30T00:00:00",
"dateUpdated": "2024-08-07T04:09:39.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18049 (GCVE-0-2017-18049)
Vulnerability from cvelistv5
Published
2018-01-23 06:00
Modified
2024-08-05 21:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For example, the CSV data may contain untrusted user input from the "First Name" field of a user's /myprofile page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/43396/ | exploit, x_refsource_EXPLOIT-DB | |
| https://www.silverstripe.org/download/security-releases/ss-2017-007 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:06:50.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43396",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43396/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/ss-2017-007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it\u0027s possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For example, the CSV data may contain untrusted user input from the \"First Name\" field of a user\u0027s /myprofile page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-23T05:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43396",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43396/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/ss-2017-007"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it\u0027s possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For example, the CSV data may contain untrusted user input from the \"First Name\" field of a user\u0027s /myprofile page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43396",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43396/"
},
{
"name": "https://www.silverstripe.org/download/security-releases/ss-2017-007",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/ss-2017-007"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18049",
"datePublished": "2018-01-23T06:00:00",
"dateReserved": "2018-01-22T00:00:00",
"dateUpdated": "2024-08-05T21:06:50.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12204 (GCVE-0-2019-12204)
Vulnerability from cvelistv5
Published
2019-09-25 18:25
Modified
2024-08-04 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/ | x_refsource_MISC | |
| https://forum.silverstripe.org/c/releases | x_refsource_MISC | |
| https://www.silverstripe.org/download/security-releases/CVE-2019-12204 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:38.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12204"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-25T18:25:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12204"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"name": "https://forum.silverstripe.org/c/releases",
"refsource": "MISC",
"url": "https://forum.silverstripe.org/c/releases"
},
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2019-12204",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12204"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12204",
"datePublished": "2019-09-25T18:25:06",
"dateReserved": "2019-05-20T00:00:00",
"dateUpdated": "2024-08-04T23:17:38.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5091 (GCVE-0-2010-5091)
Vulnerability from cvelistv5
Published
2012-08-26 18:00
Modified
2024-09-16 23:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/05/01/3 | mailing-list, x_refsource_MLIST | |
| http://open.silverstripe.org/ticket/5693 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt | x_refsource_MISC | |
| http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1 | x_refsource_CONFIRM | |
| http://open.silverstripe.org/changeset/107273 | x_refsource_CONFIRM | |
| http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://open.silverstripe.org/ticket/5693"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/107273"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-26T18:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://open.silverstripe.org/ticket/5693"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/107273"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "http://open.silverstripe.org/ticket/5693",
"refsource": "MISC",
"url": "http://open.silverstripe.org/ticket/5693"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt",
"refsource": "MISC",
"url": "http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt"
},
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1"
},
{
"name": "http://open.silverstripe.org/changeset/107273",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/107273"
},
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5091",
"datePublished": "2012-08-26T18:00:00Z",
"dateReserved": "2012-04-30T00:00:00Z",
"dateUpdated": "2024-09-16T23:20:47.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2653 (GCVE-0-2013-2653)
Vulnerability from cvelistv5
Published
2013-11-13 00:00
Modified
2024-09-17 00:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170 | x_refsource_CONFIRM | |
| http://seclists.org/bugtraq/2013/Aug/12 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170"
},
{
"name": "20130801 SilverStripe(R) Information Exposure Through Query Strings in GET Request (CWE-598)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Aug/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-13T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170"
},
{
"name": "20130801 SilverStripe(R) Information Exposure Through Query Strings in GET Request (CWE-598)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Aug/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170",
"refsource": "CONFIRM",
"url": "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170"
},
{
"name": "20130801 SilverStripe(R) Information Exposure Through Query Strings in GET Request (CWE-598)",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Aug/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2653",
"datePublished": "2013-11-13T00:00:00Z",
"dateReserved": "2013-03-22T00:00:00Z",
"dateUpdated": "2024-09-17T00:42:29.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14273 (GCVE-0-2019-14273)
Vulnerability from cvelistv5
Published
2019-09-26 11:42
Modified
2024-08-05 00:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In SilverStripe assets 4.0, there is broken access control on files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/ | x_refsource_MISC | |
| https://www.silverstripe.org/blog/tag/release | x_refsource_MISC | |
| https://forum.silverstripe.org/c/releases | x_refsource_MISC | |
| https://www.silverstripe.org/download/security-releases/CVE-2019-14273 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:43.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe assets 4.0, there is broken access control on files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T11:43:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SilverStripe assets 4.0, there is broken access control on files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"name": "https://www.silverstripe.org/blog/tag/release",
"refsource": "MISC",
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"name": "https://forum.silverstripe.org/c/releases",
"refsource": "MISC",
"url": "https://forum.silverstripe.org/c/releases"
},
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14273",
"datePublished": "2019-09-26T11:42:49",
"dateReserved": "2019-07-25T00:00:00",
"dateUpdated": "2024-08-05T00:12:43.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4822 (GCVE-0-2010-4822)
Vulnerability from cvelistv5
Published
2012-09-17 17:00
Modified
2024-09-17 00:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/05/01/3 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/42346 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/69885 | vdb-entry, x_refsource_OSVDB | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2011/01/03/12 | mailing-list, x_refsource_MLIST | |
| http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4 | x_refsource_CONFIRM | |
| http://open.silverstripe.org/changeset/114783 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:29.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "42346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42346"
},
{
"name": "69885",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/69885"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/114783"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in \"live mode,\" allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-17T17:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "42346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42346"
},
{
"name": "69885",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/69885"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/114783"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in \"live mode,\" allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "42346",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42346"
},
{
"name": "69885",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/69885"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"name": "http://open.silverstripe.org/changeset/114783",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/114783"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4822",
"datePublished": "2012-09-17T17:00:00Z",
"dateReserved": "2011-08-19T00:00:00Z",
"dateUpdated": "2024-09-17T00:16:31.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1433 (GCVE-0-2009-1433)
Vulnerability from cvelistv5
Published
2009-04-24 23:00
Modified
2024-09-17 00:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://open.silverstripe.com/wiki/ChangeLog/2.3.1 | x_refsource_CONFIRM | |
| http://open.silverstripe.com/ticket/3721 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/34485 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/34633 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/53589 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:13:25.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.com/wiki/ChangeLog/2.3.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.com/ticket/3721"
},
{
"name": "34485",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34485"
},
{
"name": "34633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34633"
},
{
"name": "53589",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53589"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-24T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.com/wiki/ChangeLog/2.3.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.com/ticket/3721"
},
{
"name": "34485",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34485"
},
{
"name": "34633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34633"
},
{
"name": "53589",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53589"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://open.silverstripe.com/wiki/ChangeLog/2.3.1",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.com/wiki/ChangeLog/2.3.1"
},
{
"name": "http://open.silverstripe.com/ticket/3721",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.com/ticket/3721"
},
{
"name": "34485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34485"
},
{
"name": "34633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34633"
},
{
"name": "53589",
"refsource": "OSVDB",
"url": "http://osvdb.org/53589"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1433",
"datePublished": "2009-04-24T23:00:00Z",
"dateReserved": "2009-04-24T00:00:00Z",
"dateUpdated": "2024-09-17T00:55:49.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5063 (GCVE-0-2015-5063)
Vulnerability from cvelistv5
Published
2015-06-24 14:00
Modified
2024-08-06 06:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html | x_refsource_MISC | |
| http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/535716/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:32.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt"
},
{
"name": "20150609 SilverStripe CMS Unvalidated Redirect \u0026 XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535716/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS \u0026 Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt"
},
{
"name": "20150609 SilverStripe CMS Unvalidated Redirect \u0026 XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535716/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS \u0026 Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html"
},
{
"name": "http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt"
},
{
"name": "20150609 SilverStripe CMS Unvalidated Redirect \u0026 XSS vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535716/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5063",
"datePublished": "2015-06-24T14:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:32.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12203 (GCVE-0-2019-12203)
Vulnerability from cvelistv5
Published
2019-09-25 18:45
Modified
2024-08-04 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SilverStripe through 4.3.3 allows session fixation in the "change password" form.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/ | x_refsource_MISC | |
| https://forum.silverstripe.org/c/releases | x_refsource_MISC | |
| https://www.silverstripe.org/download/security-releases/CVE-2019-12203 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:38.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe through 4.3.3 allows session fixation in the \"change password\" form."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-25T18:45:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SilverStripe through 4.3.3 allows session fixation in the \"change password\" form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"name": "https://forum.silverstripe.org/c/releases",
"refsource": "MISC",
"url": "https://forum.silverstripe.org/c/releases"
},
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12203",
"datePublished": "2019-09-25T18:45:44",
"dateReserved": "2019-05-19T00:00:00",
"dateUpdated": "2024-08-04T23:17:38.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6753 (GCVE-0-2008-6753)
Vulnerability from cvelistv5
Published
2009-04-27 17:43
Modified
2024-08-07 11:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in SilverStripe before 2.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to AjaxUniqueTextField.
References
| ▼ | URL | Tags |
|---|---|---|
| http://silverstripe.org/archive/show/43794 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/50368 | vdb-entry, x_refsource_XF | |
| http://www.openwall.com/lists/oss-security/2009/04/13/2 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/34852 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://silverstripe.org/archive/show/43794"
},
{
"name": "silverstripe-ajaxuniquetext-sql-injection(50368)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50368"
},
{
"name": "[oss-security] 20090413 CVE request: silverstripe - two sql injections",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/04/13/2"
},
{
"name": "34852",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34852"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in SilverStripe before 2.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to AjaxUniqueTextField."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://silverstripe.org/archive/show/43794"
},
{
"name": "silverstripe-ajaxuniquetext-sql-injection(50368)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50368"
},
{
"name": "[oss-security] 20090413 CVE request: silverstripe - two sql injections",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/04/13/2"
},
{
"name": "34852",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34852"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in SilverStripe before 2.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to AjaxUniqueTextField."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://silverstripe.org/archive/show/43794",
"refsource": "CONFIRM",
"url": "http://silverstripe.org/archive/show/43794"
},
{
"name": "silverstripe-ajaxuniquetext-sql-injection(50368)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50368"
},
{
"name": "[oss-security] 20090413 CVE request: silverstripe - two sql injections",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/04/13/2"
},
{
"name": "34852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34852"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6753",
"datePublished": "2009-04-27T17:43:00",
"dateReserved": "2009-04-27T00:00:00",
"dateUpdated": "2024-08-07T11:42:00.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5088 (GCVE-0-2010-5088)
Vulnerability from cvelistv5
Published
2012-08-26 18:00
Modified
2024-08-07 04:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3 allow remote attackers to hijack the authentication of administrators via destructive controller actions, a different vulnerability than CVE-2010-5087.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/41717 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/05/01/3 | mailing-list, x_refsource_MLIST | |
| http://open.silverstripe.org/changeset/113275 | x_refsource_CONFIRM | |
| http://holisticinfosec.org/content/view/157/45/ | x_refsource_MISC | |
| http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.9 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/44768 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/63156 | vdb-entry, x_refsource_XF | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| http://www.osvdb.org/69113 | vdb-entry, x_refsource_OSVDB | |
| http://www.openwall.com/lists/oss-security/2011/01/03/12 | mailing-list, x_refsource_MLIST | |
| http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.3 | x_refsource_CONFIRM | |
| http://open.silverstripe.org/changeset/113282 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "41717",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41717"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/113275"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://holisticinfosec.org/content/view/157/45/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.9"
},
{
"name": "44768",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/44768"
},
{
"name": "silverstripe-interfaces-csrf(63156)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63156"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "69113",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/69113"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/113282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3 allow remote attackers to hijack the authentication of administrators via destructive controller actions, a different vulnerability than CVE-2010-5087."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "41717",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41717"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/113275"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://holisticinfosec.org/content/view/157/45/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.9"
},
{
"name": "44768",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/44768"
},
{
"name": "silverstripe-interfaces-csrf(63156)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63156"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "69113",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/69113"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/113282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3 allow remote attackers to hijack the authentication of administrators via destructive controller actions, a different vulnerability than CVE-2010-5087."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41717",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41717"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "http://open.silverstripe.org/changeset/113275",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/113275"
},
{
"name": "http://holisticinfosec.org/content/view/157/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/157/45/"
},
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.9",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.9"
},
{
"name": "44768",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44768"
},
{
"name": "silverstripe-interfaces-csrf(63156)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63156"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "69113",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/69113"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.3",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.3"
},
{
"name": "http://open.silverstripe.org/changeset/113282",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/113282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5088",
"datePublished": "2012-08-26T18:00:00",
"dateReserved": "2012-04-30T00:00:00",
"dateUpdated": "2024-08-07T04:09:38.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19326 (GCVE-0-2019-19326)
Vulnerability from cvelistv5
Published
2020-07-15 18:54
Modified
2024-08-05 02:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return unexpected responses to other consumers of this cached response. Most other headers associated with web cache poisoning are already disabled through request hostname forgery whitelists.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/CVE-2019-19326 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:46.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-19326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework\u0027s HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return unexpected responses to other consumers of this cached response. Most other headers associated with web cache poisoning are already disabled through request hostname forgery whitelists."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T21:56:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-19326"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework\u0027s HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return unexpected responses to other consumers of this cached response. Most other headers associated with web cache poisoning are already disabled through request hostname forgery whitelists."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2019-19326",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-19326"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19326",
"datePublished": "2020-07-15T18:54:55",
"dateReserved": "2019-11-27T00:00:00",
"dateUpdated": "2024-08-05T02:16:46.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5080 (GCVE-0-2010-5080)
Vulnerability from cvelistv5
Published
2012-08-26 18:00
Modified
2024-09-16 20:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage."
References
| ▼ | URL | Tags |
|---|---|---|
| http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/05/01/3 | mailing-list, x_refsource_MLIST | |
| http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/42346 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.osvdb.org/69887 | vdb-entry, x_refsource_OSVDB | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2011/01/03/12 | mailing-list, x_refsource_MLIST | |
| http://open.silverstripe.org/changeset/114758 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4"
},
{
"name": "42346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42346"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "69887",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/69887"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/114758"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka \"HTTP referer leakage.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-26T18:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4"
},
{
"name": "42346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42346"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "69887",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/69887"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/114758"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka \"HTTP referer leakage.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4"
},
{
"name": "42346",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42346"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "69887",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/69887"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"name": "http://open.silverstripe.org/changeset/114758",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/114758"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5080",
"datePublished": "2012-08-26T18:00:00Z",
"dateReserved": "2011-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T20:52:56.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14498 (GCVE-0-2017-14498)
Vulnerability from cvelistv5
Published
2017-09-15 18:00
Modified
2024-08-05 19:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.openwall.net/full-disclosure/2017/09/14/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.silverstripe.org/en/3/changelogs/3.6.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-15T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.openwall.net/full-disclosure/2017/09/14/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.silverstripe.org/en/3/changelogs/3.6.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.openwall.net/full-disclosure/2017/09/14/2",
"refsource": "MISC",
"url": "http://lists.openwall.net/full-disclosure/2017/09/14/2"
},
{
"name": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a",
"refsource": "MISC",
"url": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a"
},
{
"name": "https://docs.silverstripe.org/en/3/changelogs/3.6.1",
"refsource": "MISC",
"url": "https://docs.silverstripe.org/en/3/changelogs/3.6.1"
},
{
"name": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39",
"refsource": "MISC",
"url": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14498",
"datePublished": "2017-09-15T18:00:00",
"dateReserved": "2017-09-15T00:00:00",
"dateUpdated": "2024-08-05T19:27:40.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6164 (GCVE-0-2020-6164)
Vulnerability from cvelistv5
Published
2020-07-15 20:32
Modified
2024-08-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side-effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/CVE-2020-6164 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:55:21.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-6164"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side-effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T20:32:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-6164"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-6164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side-effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2020-6164",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-6164"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-6164",
"datePublished": "2020-07-15T20:32:16",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T08:55:21.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5089 (GCVE-0-2010-5089)
Vulnerability from cvelistv5
Published
2012-08-26 18:00
Modified
2024-09-16 18:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://open.silverstripe.org/changeset/110757 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/05/01/3 | mailing-list, x_refsource_MLIST | |
| http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/110757"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-26T18:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/110757"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://open.silverstripe.org/changeset/110757",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/110757"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5089",
"datePublished": "2012-08-26T18:00:00Z",
"dateReserved": "2012-04-30T00:00:00Z",
"dateUpdated": "2024-09-16T18:19:25.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5078 (GCVE-0-2010-5078)
Vulnerability from cvelistv5
Published
2012-09-17 17:00
Modified
2024-08-07 04:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripe_version or (2) cms/silverstripe_version.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/05/01/3 | mailing-list, x_refsource_MLIST | |
| http://www.osvdb.org/69888 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/45367 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/42346 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2011/01/03/12 | mailing-list, x_refsource_MLIST | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/63990 | vdb-entry, x_refsource_XF | |
| http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4 | x_refsource_CONFIRM | |
| http://open.silverstripe.org/ticket/5031 | x_refsource_CONFIRM | |
| http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "69888",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/69888"
},
{
"name": "45367",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45367"
},
{
"name": "42346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42346"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"name": "silverstripe-silverstripeversion-info-disc(63990)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63990"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/ticket/5031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripe_version or (2) cms/silverstripe_version."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "69888",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/69888"
},
{
"name": "45367",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45367"
},
{
"name": "42346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42346"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"name": "silverstripe-silverstripeversion-info-disc(63990)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63990"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/ticket/5031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripe_version or (2) cms/silverstripe_version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "69888",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/69888"
},
{
"name": "45367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45367"
},
{
"name": "42346",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42346"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"name": "silverstripe-silverstripeversion-info-disc(63990)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63990"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"name": "http://open.silverstripe.org/ticket/5031",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/ticket/5031"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5078",
"datePublished": "2012-09-17T17:00:00",
"dateReserved": "2011-12-19T00:00:00",
"dateUpdated": "2024-08-07T04:09:38.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4968 (GCVE-0-2012-4968)
Vulnerability from cvelistv5
Published
2012-09-17 17:00
Modified
2024-09-16 19:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) URL method in a template, different vectors than CVE-2012-0976.
References
| ▼ | URL | Tags |
|---|---|---|
| http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13 | x_refsource_CONFIRM | |
| https://github.com/silverstripe/sapphire/commit/0085876 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/silverstripe/sapphire/commit/0085876"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) URL method in a template, different vectors than CVE-2012-0976."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-17T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/silverstripe/sapphire/commit/0085876"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) URL method in a template, different vectors than CVE-2012-0976."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13"
},
{
"name": "https://github.com/silverstripe/sapphire/commit/0085876",
"refsource": "CONFIRM",
"url": "https://github.com/silverstripe/sapphire/commit/0085876"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4968",
"datePublished": "2012-09-17T17:00:00Z",
"dateReserved": "2012-09-17T00:00:00Z",
"dateUpdated": "2024-09-16T19:11:05.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16409 (GCVE-0-2019-16409)
Vulnerability from cvelistv5
Published
2019-09-26 14:36
Modified
2024-08-05 01:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.)
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/symbiote/silverstripe-versionedfiles | x_refsource_MISC | |
| https://github.com/silverstripe/silverstripe-framework | x_refsource_MISC | |
| https://www.silverstripe.org/download/security-releases/cve-2019-16409 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:17:39.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/symbiote/silverstripe-versionedfiles"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-framework"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2019-16409"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T14:36:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/symbiote/silverstripe-versionedfiles"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/silverstripe/silverstripe-framework"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2019-16409"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/symbiote/silverstripe-versionedfiles",
"refsource": "MISC",
"url": "https://github.com/symbiote/silverstripe-versionedfiles"
},
{
"name": "https://github.com/silverstripe/silverstripe-framework",
"refsource": "MISC",
"url": "https://github.com/silverstripe/silverstripe-framework"
},
{
"name": "https://www.silverstripe.org/download/security-releases/cve-2019-16409",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/cve-2019-16409"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16409",
"datePublished": "2019-09-26T14:36:27",
"dateReserved": "2019-09-18T00:00:00",
"dateUpdated": "2024-08-05T01:17:39.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9280 (GCVE-0-2020-9280)
Vulnerability from cvelistv5
Published
2020-04-15 20:18
Modified
2024-08-04 10:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is installed and enabled by default on the Common Web Platform (CWP). The vulnerability only affects files uploaded after an upgrade to 4.x.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/ | x_refsource_CONFIRM | |
| https://forum.silverstripe.org/c/releases | x_refsource_MISC | |
| https://www.silverstripe.org/download/security-releases/cve-2020-9280 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:15.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-9280"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default \"/Uploads\" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is installed and enabled by default on the Common Web Platform (CWP). The vulnerability only affects files uploaded after an upgrade to 4.x."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T20:18:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-9280"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default \"/Uploads\" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is installed and enabled by default on the Common Web Platform (CWP). The vulnerability only affects files uploaded after an upgrade to 4.x."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"name": "https://forum.silverstripe.org/c/releases",
"refsource": "MISC",
"url": "https://forum.silverstripe.org/c/releases"
},
{
"name": "https://www.silverstripe.org/download/security-releases/cve-2020-9280",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-9280"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9280",
"datePublished": "2020-04-15T20:18:14",
"dateReserved": "2020-02-19T00:00:00",
"dateUpdated": "2024-08-04T10:26:15.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12617 (GCVE-0-2019-12617)
Vulnerability from cvelistv5
Published
2019-09-26 11:57
Modified
2024-08-04 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/ | x_refsource_MISC | |
| https://www.silverstripe.org/blog/tag/release | x_refsource_MISC | |
| https://forum.silverstripe.org/c/releases | x_refsource_MISC | |
| https://www.silverstripe.org/download/security-releases/CVE-2019-12617 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:39.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T11:57:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"name": "https://www.silverstripe.org/blog/tag/release",
"refsource": "MISC",
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"name": "https://forum.silverstripe.org/c/releases",
"refsource": "MISC",
"url": "https://forum.silverstripe.org/c/releases"
},
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12617",
"datePublished": "2019-09-26T11:57:18",
"dateReserved": "2019-06-03T00:00:00",
"dateUpdated": "2024-08-04T23:24:39.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24444 (GCVE-0-2022-24444)
Vulnerability from cvelistv5
Published
2022-06-28 21:30
Modified
2024-08-03 04:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Silverstripe silverstripe/framework through 4.10 allows Session Fixation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/ | x_refsource_MISC | |
| https://www.silverstripe.org/blog/tag/release | x_refsource_MISC | |
| https://forum.silverstripe.org/c/releases | x_refsource_MISC | |
| https://docs.silverstripe.org/en/4/changelogs/4.10.1/ | x_refsource_MISC | |
| https://www.silverstripe.org/download/security-releases/cve-2022-24444 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:55.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.silverstripe.org/en/4/changelogs/4.10.1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2022-24444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Silverstripe silverstripe/framework through 4.10 allows Session Fixation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T21:30:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.silverstripe.org/en/4/changelogs/4.10.1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2022-24444"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Silverstripe silverstripe/framework through 4.10 allows Session Fixation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"name": "https://www.silverstripe.org/blog/tag/release",
"refsource": "MISC",
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"name": "https://forum.silverstripe.org/c/releases",
"refsource": "MISC",
"url": "https://forum.silverstripe.org/c/releases"
},
{
"name": "https://docs.silverstripe.org/en/4/changelogs/4.10.1/",
"refsource": "MISC",
"url": "https://docs.silverstripe.org/en/4/changelogs/4.10.1/"
},
{
"name": "https://www.silverstripe.org/download/security-releases/cve-2022-24444",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/cve-2022-24444"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24444",
"datePublished": "2022-06-28T21:30:54",
"dateReserved": "2022-02-04T00:00:00",
"dateUpdated": "2024-08-03T04:13:55.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5187 (GCVE-0-2010-5187)
Vulnerability from cvelistv5
Published
2012-08-26 18:00
Modified
2024-09-16 22:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the installation path in an error message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/05/01/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1 | x_refsource_CONFIRM | |
| http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-26T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1"
},
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5187",
"datePublished": "2012-08-26T18:00:00Z",
"dateReserved": "2012-08-26T00:00:00Z",
"dateUpdated": "2024-09-16T22:02:27.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14272 (GCVE-0-2019-14272)
Vulnerability from cvelistv5
Published
2019-09-26 11:50
Modified
2024-08-05 00:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/ | x_refsource_MISC | |
| https://www.silverstripe.org/blog/tag/release | x_refsource_MISC | |
| https://forum.silverstripe.org/c/releases | x_refsource_MISC | |
| https://www.silverstripe.org/download/security-releases/CVE-2019-14272 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:43.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T11:51:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"name": "https://www.silverstripe.org/blog/tag/release",
"refsource": "MISC",
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"name": "https://forum.silverstripe.org/c/releases",
"refsource": "MISC",
"url": "https://forum.silverstripe.org/c/releases"
},
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14272",
"datePublished": "2019-09-26T11:50:53",
"dateReserved": "2019-07-25T00:00:00",
"dateUpdated": "2024-08-05T00:12:43.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5093 (GCVE-0-2010-5093)
Vulnerability from cvelistv5
Published
2012-08-26 18:00
Modified
2024-09-16 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/05/01/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.silverstripe.org/security-releases | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| http://open.silverstripe.org/changeset/100744 | x_refsource_CONFIRM | |
| http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.7 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.silverstripe.org/security-releases"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/100744"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-26T18:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.silverstripe.org/security-releases"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/100744"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "http://www.silverstripe.org/security-releases",
"refsource": "CONFIRM",
"url": "http://www.silverstripe.org/security-releases"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "http://open.silverstripe.org/changeset/100744",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/100744"
},
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.7",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5093",
"datePublished": "2012-08-26T18:00:00Z",
"dateReserved": "2012-04-30T00:00:00Z",
"dateUpdated": "2024-09-16T20:42:48.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5715 (GCVE-0-2019-5715)
Vulnerability from cvelistv5
Published
2019-04-11 18:22
Modified
2024-08-04 20:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/ss-2018-021 | x_refsource_MISC | |
| https://www.silverstripe.org/download/security-releases/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/ss-2018-021"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-11T18:22:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/ss-2018-021"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/ss-2018-021",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/ss-2018-021"
},
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-5715",
"datePublished": "2019-04-11T18:22:52",
"dateReserved": "2019-01-08T00:00:00",
"dateUpdated": "2024-08-04T20:01:52.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5079 (GCVE-0-2010-5079)
Vulnerability from cvelistv5
Published
2012-09-17 17:00
Modified
2024-09-16 21:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://open.silverstripe.org/changeset/114505 | x_refsource_CONFIRM | |
| http://open.silverstripe.org/changeset/114503 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/05/01/3 | mailing-list, x_refsource_MLIST | |
| http://open.silverstripe.org/changeset/114504 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| http://open.silverstripe.org/changeset/114498 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2011/01/03/12 | mailing-list, x_refsource_MLIST | |
| http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4 | x_refsource_CONFIRM | |
| http://open.silverstripe.org/changeset/114497 | x_refsource_CONFIRM | |
| http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/114505"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/114503"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/114504"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/114498"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/114497"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) \"forgot password\" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-17T17:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/114505"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/114503"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/114504"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/114498"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/114497"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) \"forgot password\" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://open.silverstripe.org/changeset/114505",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/114505"
},
{
"name": "http://open.silverstripe.org/changeset/114503",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/114503"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "http://open.silverstripe.org/changeset/114504",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/114504"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "http://open.silverstripe.org/changeset/114498",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/114498"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"name": "http://open.silverstripe.org/changeset/114497",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/114497"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5079",
"datePublished": "2012-09-17T17:00:00Z",
"dateReserved": "2011-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T21:07:45.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28661 (GCVE-0-2021-28661)
Vulnerability from cvelistv5
Published
2021-10-07 14:06
Modified
2024-08-03 21:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/silverstripe/silverstripe-graphql/releases | x_refsource_MISC | |
| https://www.silverstripe.org/download/security-releases/CVE-2021-28661 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2021-28661"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T14:06:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2021-28661"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/silverstripe/silverstripe-graphql/releases",
"refsource": "MISC",
"url": "https://github.com/silverstripe/silverstripe-graphql/releases"
},
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2021-28661",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/CVE-2021-28661"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28661",
"datePublished": "2021-10-07T14:06:31",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-08-03T21:47:32.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12245 (GCVE-0-2019-12245)
Vulnerability from cvelistv5
Published
2019-09-25 18:41
Modified
2024-08-04 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/ | x_refsource_MISC | |
| https://forum.silverstripe.org/c/releases | x_refsource_MISC | |
| https://www.silverstripe.org/download/security-releases/CVE-2019-12245 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:38.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-25T18:41:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"name": "https://forum.silverstripe.org/c/releases",
"refsource": "MISC",
"url": "https://forum.silverstripe.org/c/releases"
},
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12245",
"datePublished": "2019-09-25T18:41:07",
"dateReserved": "2019-05-20T00:00:00",
"dateUpdated": "2024-08-04T23:17:38.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4824 (GCVE-0-2010-4824)
Vulnerability from cvelistv5
Published
2012-09-17 17:00
Modified
2024-08-07 04:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/63989 | vdb-entry, x_refsource_XF | |
| http://open.silverstripe.org/changeset/114517 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/05/01/3 | mailing-list, x_refsource_MLIST | |
| http://open.silverstripe.org/changeset/114515 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/45367 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/42346 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| http://www.osvdb.org/69884 | vdb-entry, x_refsource_OSVDB | |
| http://www.openwall.com/lists/oss-security/2011/01/03/12 | mailing-list, x_refsource_MLIST | |
| http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4 | x_refsource_CONFIRM | |
| http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:29.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "silverstripe-locale-sql-injection(63989)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63989"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/114517"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/114515"
},
{
"name": "45367",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45367"
},
{
"name": "42346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42346"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "69884",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/69884"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "silverstripe-locale-sql-injection(63989)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63989"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/114517"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/114515"
},
{
"name": "45367",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45367"
},
{
"name": "42346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42346"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "69884",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/69884"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "silverstripe-locale-sql-injection(63989)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63989"
},
{
"name": "http://open.silverstripe.org/changeset/114517",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/114517"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "http://open.silverstripe.org/changeset/114515",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/114515"
},
{
"name": "45367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45367"
},
{
"name": "42346",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42346"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "69884",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/69884"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4824",
"datePublished": "2012-09-17T17:00:00",
"dateReserved": "2011-08-19T00:00:00",
"dateUpdated": "2024-08-07T04:02:29.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5062 (GCVE-0-2015-5062)
Vulnerability from cvelistv5
Published
2015-06-24 14:00
Modified
2024-08-06 06:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html | x_refsource_MISC | |
| http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/535716/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/75419 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:32.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt"
},
{
"name": "20150609 SilverStripe CMS Unvalidated Redirect \u0026 XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535716/100/0/threaded"
},
{
"name": "75419",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75419"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in SilverStripe CMS \u0026 Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt"
},
{
"name": "20150609 SilverStripe CMS Unvalidated Redirect \u0026 XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535716/100/0/threaded"
},
{
"name": "75419",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75419"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in SilverStripe CMS \u0026 Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html"
},
{
"name": "http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt"
},
{
"name": "20150609 SilverStripe CMS Unvalidated Redirect \u0026 XSS vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535716/100/0/threaded"
},
{
"name": "75419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75419"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5062",
"datePublished": "2015-06-24T14:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:32.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8606 (GCVE-0-2015-8606)
Vulnerability from cvelistv5
Published
2016-04-13 15:00
Modified
2024-08-06 08:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/12/17/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2015/12/17/11 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2015/12/18/5 | mailing-list, x_refsource_MLIST | |
| http://www.silverstripe.org/download/security-releases/ss-2015-026 | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2015/Dec/55 | mailing-list, x_refsource_FULLDISC | |
| https://cybersecurityworks.com/zerodays/cve-2015-8606-silverstripe.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20151217 Cross site scripting vulnerability (XSS) in SilverStripe CMS \u0026 Framework v3.2.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/17/1"
},
{
"name": "[oss-security] 20151217 Re: Cross site scripting vulnerability (XSS) in SilverStripe CMS \u0026 Framework v3.2.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/17/11"
},
{
"name": "[oss-security] 20151218 [FD] [CVE-2015-8606] SilverStripe CMS \u0026 Framework v3.2.0 - Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/18/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.silverstripe.org/download/security-releases/ss-2015-026"
},
{
"name": "20151213 SilverStripe CMS \u0026 Framework v3.2.0 - Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Dec/55"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2015-8606-silverstripe.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS \u0026 Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-29T21:07:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20151217 Cross site scripting vulnerability (XSS) in SilverStripe CMS \u0026 Framework v3.2.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/17/1"
},
{
"name": "[oss-security] 20151217 Re: Cross site scripting vulnerability (XSS) in SilverStripe CMS \u0026 Framework v3.2.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/17/11"
},
{
"name": "[oss-security] 20151218 [FD] [CVE-2015-8606] SilverStripe CMS \u0026 Framework v3.2.0 - Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/18/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.silverstripe.org/download/security-releases/ss-2015-026"
},
{
"name": "20151213 SilverStripe CMS \u0026 Framework v3.2.0 - Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Dec/55"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2015-8606-silverstripe.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS \u0026 Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20151217 Cross site scripting vulnerability (XSS) in SilverStripe CMS \u0026 Framework v3.2.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/17/1"
},
{
"name": "[oss-security] 20151217 Re: Cross site scripting vulnerability (XSS) in SilverStripe CMS \u0026 Framework v3.2.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/17/11"
},
{
"name": "[oss-security] 20151218 [FD] [CVE-2015-8606] SilverStripe CMS \u0026 Framework v3.2.0 - Cross-Site Scripting Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/18/5"
},
{
"name": "http://www.silverstripe.org/download/security-releases/ss-2015-026",
"refsource": "CONFIRM",
"url": "http://www.silverstripe.org/download/security-releases/ss-2015-026"
},
{
"name": "20151213 SilverStripe CMS \u0026 Framework v3.2.0 - Cross-Site Scripting Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Dec/55"
},
{
"name": "https://cybersecurityworks.com/zerodays/cve-2015-8606-silverstripe.html",
"refsource": "MISC",
"url": "https://cybersecurityworks.com/zerodays/cve-2015-8606-silverstripe.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8606",
"datePublished": "2016-04-13T15:00:00",
"dateReserved": "2015-12-17T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5090 (GCVE-0-2010-5090)
Vulnerability from cvelistv5
Published
2012-08-26 18:00
Modified
2024-09-17 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/05/01/3 | mailing-list, x_refsource_MLIST | |
| http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-26T18:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5090",
"datePublished": "2012-08-26T18:00:00Z",
"dateReserved": "2012-04-30T00:00:00Z",
"dateUpdated": "2024-09-17T02:32:34.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5087 (GCVE-0-2010-5087)
Vulnerability from cvelistv5
Published
2012-08-26 18:00
Modified
2024-09-16 19:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to "form action requests" using a controller.
References
| ▼ | URL | Tags |
|---|---|---|
| http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10 | x_refsource_CONFIRM | |
| http://open.silverstripe.org/changeset/115182 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/05/01/3 | mailing-list, x_refsource_MLIST | |
| http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/42346 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2011/01/03/12 | mailing-list, x_refsource_MLIST | |
| http://open.silverstripe.org/changeset/115185 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/115182"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4"
},
{
"name": "42346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42346"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/115185"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to \"form action requests\" using a controller."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-26T18:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/115182"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4"
},
{
"name": "42346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42346"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/115185"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to \"form action requests\" using a controller."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10"
},
{
"name": "http://open.silverstripe.org/changeset/115182",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/115182"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4"
},
{
"name": "42346",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42346"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"name": "http://open.silverstripe.org/changeset/115185",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/115185"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5087",
"datePublished": "2012-08-26T18:00:00Z",
"dateReserved": "2012-04-30T00:00:00Z",
"dateUpdated": "2024-09-16T19:35:01.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2321 (GCVE-0-2007-2321)
Vulnerability from cvelistv5
Published
2007-04-27 00:00
Modified
2024-08-07 13:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.silverstripe.com/silverstripe-2-0-1-released/ | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2007/1537 | vdb-entry, x_refsource_VUPEN | |
| http://osvdb.org/35323 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33883 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/24936 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.silverstripe.com/silverstripe-2-0-1-released/"
},
{
"name": "ADV-2007-1537",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1537"
},
{
"name": "35323",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35323"
},
{
"name": "silverstripe-search-unspecified(33883)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33883"
},
{
"name": "24936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24936"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.silverstripe.com/silverstripe-2-0-1-released/"
},
{
"name": "ADV-2007-1537",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1537"
},
{
"name": "35323",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35323"
},
{
"name": "silverstripe-search-unspecified(33883)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33883"
},
{
"name": "24936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24936"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.silverstripe.com/silverstripe-2-0-1-released/",
"refsource": "CONFIRM",
"url": "http://www.silverstripe.com/silverstripe-2-0-1-released/"
},
{
"name": "ADV-2007-1537",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1537"
},
{
"name": "35323",
"refsource": "OSVDB",
"url": "http://osvdb.org/35323"
},
{
"name": "silverstripe-search-unspecified(33883)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33883"
},
{
"name": "24936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24936"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2321",
"datePublished": "2007-04-27T00:00:00",
"dateReserved": "2007-04-26T00:00:00",
"dateUpdated": "2024-08-07T13:33:28.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5092 (GCVE-0-2010-5092)
Vulnerability from cvelistv5
Published
2012-08-26 18:00
Modified
2024-09-16 18:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/05/01/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| http://open.silverstripe.org/ticket/5772 | x_refsource_MISC | |
| http://open.silverstripe.org/changeset/107532 | x_refsource_CONFIRM | |
| http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://open.silverstripe.org/ticket/5772"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/107532"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-26T18:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://open.silverstripe.org/ticket/5772"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/107532"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "http://open.silverstripe.org/ticket/5772",
"refsource": "MISC",
"url": "http://open.silverstripe.org/ticket/5772"
},
{
"name": "http://open.silverstripe.org/changeset/107532",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/107532"
},
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-5092",
"datePublished": "2012-08-26T18:00:00Z",
"dateReserved": "2012-04-30T00:00:00Z",
"dateUpdated": "2024-09-16T18:34:25.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9311 (GCVE-0-2020-9311)
Vulnerability from cvelistv5
Published
2020-07-15 21:00
Modified
2024-08-04 10:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/CVE-2020-9311 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:15.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-9311"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T21:00:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-9311"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2020-9311",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-9311"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9311",
"datePublished": "2020-07-15T21:00:17",
"dateReserved": "2020-02-20T00:00:00",
"dateUpdated": "2024-08-04T10:26:15.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12205 (GCVE-0-2019-12205)
Vulnerability from cvelistv5
Published
2019-09-25 18:51
Modified
2024-08-04 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/ | x_refsource_MISC | |
| https://forum.silverstripe.org/c/releases | x_refsource_MISC | |
| https://www.silverstripe.org/download/security-releases/CVE-2019-12205 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:38.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-25T18:51:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"name": "https://forum.silverstripe.org/c/releases",
"refsource": "MISC",
"url": "https://forum.silverstripe.org/c/releases"
},
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12205",
"datePublished": "2019-09-25T18:51:31",
"dateReserved": "2019-05-20T00:00:00",
"dateUpdated": "2024-08-04T23:17:38.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0976 (GCVE-0-2012-0976)
Vulnerability from cvelistv5
Published
2012-02-02 17:00
Modified
2024-08-06 18:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7 | x_refsource_CONFIRM | |
| https://github.com/silverstripe/sapphire/commit/475e077 | x_refsource_CONFIRM | |
| http://osvdb.org/78677 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/51761 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/47812 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| https://github.com/silverstripe/sapphire/commit/5fe7091 | x_refsource_CONFIRM | |
| http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72820 | vdb-entry, x_refsource_XF | |
| http://packetstormsecurity.org/files/view/109210/silverstripecmspage-xss.txt | x_refsource_MISC | |
| https://github.com/silverstripe/sapphire/commit/252e187 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:26.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/silverstripe/sapphire/commit/475e077"
},
{
"name": "78677",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78677"
},
{
"name": "51761",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51761"
},
{
"name": "47812",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47812"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/silverstripe/sapphire/commit/5fe7091"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13"
},
{
"name": "silverstripe-editform-xss(72820)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72820"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/view/109210/silverstripecmspage-xss.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/silverstripe/sapphire/commit/252e187"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/silverstripe/sapphire/commit/475e077"
},
{
"name": "78677",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78677"
},
{
"name": "51761",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51761"
},
{
"name": "47812",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47812"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/silverstripe/sapphire/commit/5fe7091"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13"
},
{
"name": "silverstripe-editform-xss(72820)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72820"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/view/109210/silverstripecmspage-xss.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/silverstripe/sapphire/commit/252e187"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7"
},
{
"name": "https://github.com/silverstripe/sapphire/commit/475e077",
"refsource": "CONFIRM",
"url": "https://github.com/silverstripe/sapphire/commit/475e077"
},
{
"name": "78677",
"refsource": "OSVDB",
"url": "http://osvdb.org/78677"
},
{
"name": "51761",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51761"
},
{
"name": "47812",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47812"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "https://github.com/silverstripe/sapphire/commit/5fe7091",
"refsource": "CONFIRM",
"url": "https://github.com/silverstripe/sapphire/commit/5fe7091"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13"
},
{
"name": "silverstripe-editform-xss(72820)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72820"
},
{
"name": "http://packetstormsecurity.org/files/view/109210/silverstripecmspage-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/109210/silverstripecmspage-xss.txt"
},
{
"name": "https://github.com/silverstripe/sapphire/commit/252e187",
"refsource": "CONFIRM",
"url": "https://github.com/silverstripe/sapphire/commit/252e187"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0976",
"datePublished": "2012-02-02T17:00:00",
"dateReserved": "2012-02-02T00:00:00",
"dateUpdated": "2024-08-06T18:45:26.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5188 (GCVE-0-2010-5188)
Vulnerability from cvelistv5
Published
2012-08-26 18:00
Modified
2024-08-07 04:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain sensitive information via the (1) debug_memory parameter to core/control/Director.php or (2) debug_profile parameter to main.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/05/01/3 | mailing-list, x_refsource_MLIST | |
| http://open.silverstripe.org/changeset/98229 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56546 | vdb-entry, x_refsource_XF | |
| http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.6 | x_refsource_CONFIRM | |
| http://groups.google.com/group/silverstripe-announce/browse_thread/thread/c75fbd7926ed2725?tvc=2&fwc=1 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/38697 | third-party-advisory, x_refsource_SECUNIA | |
| http://open.silverstripe.org/changeset/98230 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/38394 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/62541 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/98229"
},
{
"name": "silverstripe-dataobjectset-xss(56546)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56546"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/c75fbd7926ed2725?tvc=2\u0026fwc=1"
},
{
"name": "38697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38697"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/98230"
},
{
"name": "38394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38394"
},
{
"name": "62541",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/62541"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain sensitive information via the (1) debug_memory parameter to core/control/Director.php or (2) debug_profile parameter to main.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/98229"
},
{
"name": "silverstripe-dataobjectset-xss(56546)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56546"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/c75fbd7926ed2725?tvc=2\u0026fwc=1"
},
{
"name": "38697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38697"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/98230"
},
{
"name": "38394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38394"
},
{
"name": "62541",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/62541"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain sensitive information via the (1) debug_memory parameter to core/control/Director.php or (2) debug_profile parameter to main.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "http://open.silverstripe.org/changeset/98229",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/98229"
},
{
"name": "silverstripe-dataobjectset-xss(56546)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56546"
},
{
"name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.6",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.6"
},
{
"name": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/c75fbd7926ed2725?tvc=2\u0026fwc=1",
"refsource": "CONFIRM",
"url": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/c75fbd7926ed2725?tvc=2\u0026fwc=1"
},
{
"name": "38697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38697"
},
{
"name": "http://open.silverstripe.org/changeset/98230",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/98230"
},
{
"name": "38394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38394"
},
{
"name": "62541",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62541"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5188",
"datePublished": "2012-08-26T18:00:00",
"dateReserved": "2012-08-26T00:00:00",
"dateUpdated": "2024-08-07T04:09:39.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5197 (GCVE-0-2017-5197)
Vulnerability from cvelistv5
Published
2017-03-06 06:11
Modified
2024-08-05 14:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96572 | vdb-entry, x_refsource_BID | |
| https://www.silverstripe.org/download/security-releases/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96572",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96572"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-07T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96572",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96572"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96572"
},
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5197",
"datePublished": "2017-03-06T06:11:00",
"dateReserved": "2017-01-06T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26136 (GCVE-0-2020-26136)
Vulnerability from cvelistv5
Published
2021-06-08 19:37
Modified
2024-08-04 15:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/ | x_refsource_MISC | |
| https://www.silverstripe.org/blog/tag/release | x_refsource_MISC | |
| https://forum.silverstripe.org/c/releases | x_refsource_MISC | |
| https://www.silverstripe.org/download/security-releases/cve-2020-26136 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:07.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-26136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe through 4.6.0-rc1, GraphQL doesn\u0027t honour MFA (multi-factor authentication) when using basic authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-08T19:44:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-26136"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SilverStripe through 4.6.0-rc1, GraphQL doesn\u0027t honour MFA (multi-factor authentication) when using basic authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"name": "https://www.silverstripe.org/blog/tag/release",
"refsource": "MISC",
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"name": "https://forum.silverstripe.org/c/releases",
"refsource": "MISC",
"url": "https://forum.silverstripe.org/c/releases"
},
{
"name": "https://www.silverstripe.org/download/security-releases/cve-2020-26136",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-26136"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26136",
"datePublished": "2021-06-08T19:37:45",
"dateReserved": "2020-09-29T00:00:00",
"dateUpdated": "2024-08-04T15:49:07.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28803 (GCVE-0-2022-28803)
Vulnerability from cvelistv5
Published
2022-06-29 00:50
Modified
2024-08-03 06:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).
References
| ▼ | URL | Tags |
|---|---|---|
| https://silverstripe.org | x_refsource_MISC | |
| https://www.silverstripe.org/download/security-releases/cve-2022-28803 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://silverstripe.org"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2022-28803"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-29T00:50:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://silverstripe.org"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2022-28803"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://silverstripe.org",
"refsource": "MISC",
"url": "https://silverstripe.org"
},
{
"name": "https://www.silverstripe.org/download/security-releases/cve-2022-28803",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/cve-2022-28803"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28803",
"datePublished": "2022-06-29T00:50:16",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:52.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6789 (GCVE-0-2013-6789)
Vulnerability from cvelistv5
Published
2013-11-13 00:00
Modified
2024-09-17 01:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170 | x_refsource_CONFIRM | |
| http://seclists.org/bugtraq/2013/Aug/12 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:23.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170"
},
{
"name": "20130801 SilverStripe(R) Information Exposure Through Query Strings in GET Request (CWE-598)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Aug/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-13T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170"
},
{
"name": "20130801 SilverStripe(R) Information Exposure Through Query Strings in GET Request (CWE-598)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Aug/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170",
"refsource": "CONFIRM",
"url": "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170"
},
{
"name": "20130801 SilverStripe(R) Information Exposure Through Query Strings in GET Request (CWE-598)",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Aug/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6789",
"datePublished": "2013-11-13T00:00:00Z",
"dateReserved": "2013-11-12T00:00:00Z",
"dateUpdated": "2024-09-17T01:20:49.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4962 (GCVE-0-2011-4962)
Vulnerability from cvelistv5
Published
2012-09-17 17:00
Modified
2024-09-17 03:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| https://github.com/silverstripe/silverstripe-cms/commit/d15e850 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-cms/commit/d15e850"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-17T17:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/silverstripe/silverstripe-cms/commit/d15e850"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "https://github.com/silverstripe/silverstripe-cms/commit/d15e850",
"refsource": "CONFIRM",
"url": "https://github.com/silverstripe/silverstripe-cms/commit/d15e850"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4962",
"datePublished": "2012-09-17T17:00:00Z",
"dateReserved": "2011-12-23T00:00:00Z",
"dateUpdated": "2024-09-17T03:23:38.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4823 (GCVE-0-2010-4823)
Vulnerability from cvelistv5
Published
2012-09-17 17:00
Modified
2024-08-07 04:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via "missing URL actions."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/69886 | vdb-entry, x_refsource_OSVDB | |
| http://www.openwall.com/lists/oss-security/2012/05/01/3 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/45367 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/42346 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/63988 | vdb-entry, x_refsource_XF | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2011/01/03/12 | mailing-list, x_refsource_MLIST | |
| http://open.silverstripe.org/changeset/114444 | x_refsource_CONFIRM | |
| http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/69886"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "45367",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45367"
},
{
"name": "42346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42346"
},
{
"name": "silverstripe-requesthandler-xss(63988)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63988"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://open.silverstripe.org/changeset/114444"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via \"missing URL actions.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "69886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/69886"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "45367",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45367"
},
{
"name": "42346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42346"
},
{
"name": "silverstripe-requesthandler-xss(63988)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63988"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://open.silverstripe.org/changeset/114444"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via \"missing URL actions.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69886",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/69886"
},
{
"name": "[oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"name": "45367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45367"
},
{
"name": "42346",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42346"
},
{
"name": "silverstripe-requesthandler-xss(63988)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63988"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "[oss-security] 20110104 CVE request: silverstripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"name": "http://open.silverstripe.org/changeset/114444",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.org/changeset/114444"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4823",
"datePublished": "2012-09-17T17:00:00",
"dateReserved": "2011-08-19T00:00:00",
"dateUpdated": "2024-08-07T04:02:30.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4960 (GCVE-0-2011-4960)
Vulnerability from cvelistv5
Published
2012-09-17 17:00
Modified
2024-09-17 00:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/silverstripe/sapphire/commit/fef7c32 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/04/30/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/04/30/3 | mailing-list, x_refsource_MLIST | |
| http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12 | x_refsource_CONFIRM | |
| http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:39.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/silverstripe/sapphire/commit/fef7c32"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-17T17:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/silverstripe/sapphire/commit/fef7c32"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/silverstripe/sapphire/commit/fef7c32",
"refsource": "CONFIRM",
"url": "https://github.com/silverstripe/sapphire/commit/fef7c32"
},
{
"name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12"
},
{
"name": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6",
"refsource": "CONFIRM",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4960",
"datePublished": "2012-09-17T17:00:00Z",
"dateReserved": "2011-12-23T00:00:00Z",
"dateUpdated": "2024-09-17T00:52:26.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36150 (GCVE-0-2021-36150)
Vulnerability from cvelistv5
Published
2021-10-07 13:59
Modified
2024-08-04 00:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SilverStripe Framework through 4.8.1 allows XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/silverstripe/silverstripe-framework/releases | x_refsource_MISC | |
| https://www.silverstripe.org/download/security-releases/CVE-2021-36150 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-framework/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2021-36150"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe Framework through 4.8.1 allows XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-07T13:59:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/silverstripe/silverstripe-framework/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2021-36150"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SilverStripe Framework through 4.8.1 allows XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/silverstripe/silverstripe-framework/releases",
"refsource": "MISC",
"url": "https://github.com/silverstripe/silverstripe-framework/releases"
},
{
"name": "https://www.silverstripe.org/download/security-releases/CVE-2021-36150",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/CVE-2021-36150"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36150",
"datePublished": "2021-10-07T13:59:08",
"dateReserved": "2021-07-02T00:00:00",
"dateUpdated": "2024-08-04T00:47:43.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6458 (GCVE-0-2012-6458)
Vulnerability from cvelistv5
Published
2013-08-09 22:00
Modified
2024-09-17 03:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php; or the (4) FirstName or (5) Surname parameter to code/forms/ShopAccountForm.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-07/0090.html | mailing-list, x_refsource_BUGTRAQ | |
| https://code.google.com/p/silverstripe-ecommerce/source/detail?r=3739 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130714 [CVE-2012-6458] Multiple Persistent XSS in silverstripe-ecommerce",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0090.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/silverstripe-ecommerce/source/detail?r=3739"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php; or the (4) FirstName or (5) Surname parameter to code/forms/ShopAccountForm.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-09T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20130714 [CVE-2012-6458] Multiple Persistent XSS in silverstripe-ecommerce",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0090.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/silverstripe-ecommerce/source/detail?r=3739"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php; or the (4) FirstName or (5) Surname parameter to code/forms/ShopAccountForm.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130714 [CVE-2012-6458] Multiple Persistent XSS in silverstripe-ecommerce",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0090.html"
},
{
"name": "https://code.google.com/p/silverstripe-ecommerce/source/detail?r=3739",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/silverstripe-ecommerce/source/detail?r=3739"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6458",
"datePublished": "2013-08-09T22:00:00Z",
"dateReserved": "2012-12-31T00:00:00Z",
"dateUpdated": "2024-09-17T03:32:48.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12849 (GCVE-0-2017-12849)
Vulnerability from cvelistv5
Published
2017-10-12 15:00
Modified
2024-08-05 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/ss-2017-005 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:06.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/ss-2017-005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-12T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/ss-2017-005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/ss-2017-005",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/ss-2017-005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12849",
"datePublished": "2017-10-12T15:00:00",
"dateReserved": "2017-08-14T00:00:00",
"dateUpdated": "2024-08-05T18:51:06.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41559 (GCVE-0-2021-41559)
Vulnerability from cvelistv5
Published
2022-06-28 21:27
Modified
2024-08-04 03:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/ | x_refsource_MISC | |
| https://github.com/silverstripe/silverstripe-framework/releases | x_refsource_MISC | |
| https://www.silverstripe.org/download/security-releases/cve-2021-41559 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:29.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-framework/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2021-41559"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T21:27:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/silverstripe/silverstripe-framework/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2021-41559"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"name": "https://github.com/silverstripe/silverstripe-framework/releases",
"refsource": "MISC",
"url": "https://github.com/silverstripe/silverstripe-framework/releases"
},
{
"name": "https://www.silverstripe.org/download/security-releases/cve-2021-41559",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/cve-2021-41559"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41559",
"datePublished": "2022-06-28T21:27:23",
"dateReserved": "2021-09-22T00:00:00",
"dateUpdated": "2024-08-04T03:15:29.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12246 (GCVE-0-2019-12246)
Vulnerability from cvelistv5
Published
2020-02-19 16:29
Modified
2024-08-04 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/ | x_refsource_CONFIRM | |
| https://www.silverstripe.org/blog/tag/release | x_refsource_MISC | |
| https://forum.silverstripe.org/c/releases | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:38.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.silverstripe.org/c/releases"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-19T16:29:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.silverstripe.org/c/releases"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"name": "https://www.silverstripe.org/blog/tag/release",
"refsource": "MISC",
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"name": "https://forum.silverstripe.org/c/releases",
"refsource": "MISC",
"url": "https://forum.silverstripe.org/c/releases"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12246",
"datePublished": "2020-02-19T16:29:37",
"dateReserved": "2019-05-20T00:00:00",
"dateUpdated": "2024-08-04T23:17:38.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25817 (GCVE-0-2020-25817)
Vulnerability from cvelistv5
Published
2021-06-08 17:54
Modified
2024-08-04 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. (The correct CVE ID year is 2020 [CVE-2020-25817, not CVE-2021-25817]).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/ | x_refsource_CONFIRM | |
| https://www.silverstripe.org/blog/tag/release | x_refsource_MISC | |
| https://forum.silverstripe.org/c/releases | x_refsource_MISC | |
| https://www.silverstripe.org/download/security-releases/cve-2020-25817 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-25817"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. (The correct CVE ID year is 2020 [CVE-2020-25817, not CVE-2021-25817])."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-08T19:51:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-25817"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. (The correct CVE ID year is 2020 [CVE-2020-25817, not CVE-2021-25817])."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"name": "https://www.silverstripe.org/blog/tag/release",
"refsource": "MISC",
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"name": "https://forum.silverstripe.org/c/releases",
"refsource": "MISC",
"url": "https://forum.silverstripe.org/c/releases"
},
{
"name": "https://www.silverstripe.org/download/security-releases/cve-2020-25817",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-25817"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25817",
"datePublished": "2021-06-08T17:54:01",
"dateReserved": "2020-09-23T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37421 (GCVE-0-2022-37421)
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2025-04-25 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Silverstripe silverstripe/cms through 4.11.0 allows XSS.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:21.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_transferred"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2022-37421"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-37421",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T20:34:09.540772Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T20:35:25.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Silverstripe silverstripe/cms through 4.11.0 allows XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-23T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"url": "https://forum.silverstripe.org/c/releases"
},
{
"url": "https://www.silverstripe.org/download/security-releases/CVE-2022-37421"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37421",
"datePublished": "2022-11-23T00:00:00.000Z",
"dateReserved": "2022-08-05T00:00:00.000Z",
"dateUpdated": "2025-04-25T20:35:25.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26138 (GCVE-0-2020-26138)
Vulnerability from cvelistv5
Published
2021-06-08 17:35
Modified
2024-08-04 15:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.silverstripe.org/download/security-releases/ | x_refsource_CONFIRM | |
| https://www.silverstripe.org/blog/tag/release | x_refsource_MISC | |
| https://forum.silverstripe.org/c/releases | x_refsource_MISC | |
| https://www.silverstripe.org/download/security-releases/cve-2020-26138 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:07.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-08T17:35:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "CONFIRM",
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"name": "https://www.silverstripe.org/blog/tag/release",
"refsource": "MISC",
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"name": "https://forum.silverstripe.org/c/releases",
"refsource": "MISC",
"url": "https://forum.silverstripe.org/c/releases"
},
{
"name": "https://www.silverstripe.org/download/security-releases/cve-2020-26138",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26138",
"datePublished": "2021-06-08T17:35:06",
"dateReserved": "2020-09-29T00:00:00",
"dateUpdated": "2024-08-04T15:49:07.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-08-09 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php; or the (4) FirstName or (5) Surname parameter to code/forms/ShopAccountForm.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A8197A-DEC3-4E1D-8B65-915BD0047631",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php; or the (4) FirstName or (5) Surname parameter to code/forms/ShopAccountForm.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de cross-site scripting (XSS) en el m\u00f3dulo SilverStripe e-commerce v3.0 para SilverStripe CMS, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los par\u00e1metros (1) FirstName, (2) Surname, o (3) Email en code/forms/OrderFormAddress.php; o los par\u00e1metros (4) FirstName o (5) Surname en code/forms/ShopAccountForm.php."
}
],
"id": "CVE-2012-6458",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-09T22:55:03.713",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0090.html"
},
{
"source": "cve@mitre.org",
"url": "https://code.google.com/p/silverstripe-ecommerce/source/detail?r=3739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://code.google.com/p/silverstripe-ecommerce/source/detail?r=3739"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-28 22:15
Modified
2024-11-21 06:50
Severity ?
Summary
Silverstripe silverstripe/framework through 4.10 allows Session Fixation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | 2.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1CC61CD-B330-40E3-B477-248C3F26469B",
"versionEndIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "399DC7BD-4BB8-40DD-8C80-7635CB33ACA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Silverstripe silverstripe/framework through 4.10 allows Session Fixation."
},
{
"lang": "es",
"value": "Silverstripe silverstripe/framework versiones hasta 4.10, permite una Fijaci\u00f3n de Sesi\u00f3n"
}
],
"id": "CVE-2022-24444",
"lastModified": "2024-11-21T06:50:25.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-28T22:15:07.913",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://docs.silverstripe.org/en/4/changelogs/4.10.1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2022-24444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://docs.silverstripe.org/en/4/changelogs/4.10.1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2022-24444"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-26 12:15
Modified
2024-11-21 04:23
Severity ?
Summary
In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/blog/tag/release | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/CVE-2019-12617 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/blog/tag/release | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/CVE-2019-12617 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C33B9A7-7ACA-4030-8D41-B4F028B6835F",
"versionEndIncluding": "4.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution."
},
{
"lang": "es",
"value": "En SilverStripe versiones hasta 4.3.3, se presenta una escalada de acceso para usuarios de CMS con acceso limitado mediante la contaminaci\u00f3n de la cach\u00e9 de permisos."
}
],
"id": "CVE-2019-12617",
"lastModified": "2024-11-21T04:23:11.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-26T12:15:11.190",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-26 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3 allow remote attackers to hijack the authentication of administrators via destructive controller actions, a different vulnerability than CVE-2010-5087.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 | |
| silverstripe | silverstripe | 2.3.6 | |
| silverstripe | silverstripe | 2.3.7 | |
| silverstripe | silverstripe | 2.3.8 | |
| silverstripe | silverstripe | 2.4.0 | |
| silverstripe | silverstripe | 2.4.1 | |
| silverstripe | silverstripe | 2.4.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D875C510-39F2-4726-9DBD-3D95A5CB3D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE8C544D-E233-488D-B768-8C077BB79338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "26E1807F-7DEB-4519-95B9-4FA647C7D477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAB67F4E-0E56-4597-BD9B-90D07685D7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AA541F02-F78A-4E43-8212-690810311187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "706247B5-ACA3-4863-BDBC-B42EA95E1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87690027-1CF7-477E-91FE-87E6F77B2988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9731FCBA-AA01-4510-87B1-E547AD28D09D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE198516-3D97-4804-84CF-8F9AAC60E795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "534AD362-1460-4784-97C8-3AA5DD830F94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3 allow remote attackers to hijack the authentication of administrators via destructive controller actions, a different vulnerability than CVE-2010-5087."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de solicitudes falsificadas en sitios cruzados (CSRF) en SilverStripe v2.3.x anterior a v2.3.9 y v2.4.x anterior a v2.4.3 permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores a trav\u00e9s de acciones destructivas del controlador, una vulnerabilidad diferente de CVE-2010-5087."
}
],
"id": "CVE-2010-5088",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-08-26T18:55:01.153",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.9"
},
{
"source": "secalert@redhat.com",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.3"
},
{
"source": "secalert@redhat.com",
"url": "http://holisticinfosec.org/content/view/157/45/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.org/changeset/113275"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.org/changeset/113282"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41717"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/69113"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/44768"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://holisticinfosec.org/content/view/157/45/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.org/changeset/113275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.org/changeset/113282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/69113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/44768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63156"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-17 20:15
Modified
2024-11-21 04:34
Severity ?
Summary
SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE3FBA8-9BFD-495A-9F88-D2D1BA0AFC53",
"versionEndExcluding": "4.4.5",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B50E745-EC7B-43FE-B5B3-63DB1FBAC77B",
"versionEndExcluding": "4.5.2",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user\u0027s credentials or other sensitive user input."
},
{
"lang": "es",
"value": "SilverStripe versiones hasta 4.4.x anteriores a 4.4.5 y versiones 4.5.x anteriores a 4.5.2, permite un ataque de tipo XSS Reflejado en el formulario de inicio de sesi\u00f3n y formularios personalizados. Silverstripe Forms permite insertar HTML o JavaScript malicioso por medio de atributos FormField no escalares, lo que permite llevar a cabo un ataque de tipo XSS (Cross-Site Scripting) en algunos formularios creados con la entrada del usuario (Request data). Esto puede conllevar a intentos de phishing para obtener las credenciales de un usuario u otra entrada confidencial del usuario."
}
],
"id": "CVE-2019-19325",
"lastModified": "2024-11-21T04:34:34.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-17T20:15:11.007",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2019-19325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2019-19325"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-15 21:15
Modified
2024-11-21 05:40
Severity ?
Summary
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is installed and enabled by default on the Common Web Platform (CWP). The vulnerability only affects files uploaded after an upgrade to 4.x.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFEAE2BD-0B5A-4804-AADD-62F4DEDE58A4",
"versionEndIncluding": "4.5.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default \"/Uploads\" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is installed and enabled by default on the Common Web Platform (CWP). The vulnerability only affects files uploaded after an upgrade to 4.x."
},
{
"lang": "es",
"value": "En SilverStripe versiones hasta 4.5, los archivos cargados por medio de Formularios hacia carpetas migradas desde Silverstripe CMS versiones 3.x, pueden ser colocados en la carpeta predeterminada \"/Uploads\". Esto afecta a las instalaciones que permitieron la protecci\u00f3n de la carpeta de carga por medio del m\u00f3dulo opcional silverstripe/secureassets bajo las versiones 3.x. Este m\u00f3dulo est\u00e1 instalado y habilitado por defecto en la Common Web Platform (CWP). La vulnerabilidad solo afecta a los archivos cargados despu\u00e9s de una actualizaci\u00f3n en las versiones 4.x."
}
],
"id": "CVE-2020-9280",
"lastModified": "2024-11-21T05:40:20.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T21:15:36.967",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-9280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-9280"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-15 21:15
Modified
2024-11-21 05:35
Severity ?
Summary
In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side-effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4EAB7B-E315-42D6-AEBE-C4707D12F6E7",
"versionEndIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2589F5-9B99-4DE2-96F0-F59D7F58987D",
"versionEndExcluding": "4.4.7",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4AD7A3-B9F1-463E-95D8-B47AF68463FE",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side-effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page)."
},
{
"lang": "es",
"value": "En SilverStripe versiones hasta 4.5.0, una ruta URL espec\u00edfica configurada por defecto por medio del m\u00f3dulo silverstripe/framework puede ser usada para revelar el hecho de que un dominio aloja una aplicaci\u00f3n Silverstripe. No se presenta divulgaci\u00f3n de la versi\u00f3n espec\u00edfica. La funcionalidad en esta ruta URL est\u00e1 limitada a una ejecuci\u00f3n en un contexto de CLI, y no se sabe que presente una vulnerabilidad por medio del acceso basado en la web. Como efecto secundario, esta ruta preconfigurada tambi\u00e9n bloquea la creaci\u00f3n de otros recursos en esta ruta (por ejemplo, una p\u00e1gina)"
}
],
"id": "CVE-2020-6164",
"lastModified": "2024-11-21T05:35:13.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-15T21:15:13.490",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-6164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-6164"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-25 19:15
Modified
2024-11-21 04:22
Severity ?
Summary
SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/CVE-2019-12245 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/CVE-2019-12245 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C33B9A7-7ACA-4030-8D41-B4F028B6835F",
"versionEndIncluding": "4.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension."
},
{
"lang": "es",
"value": "SilverStripe versiones hasta 4.3.3, presenta un control de acceso incorrecto para los archivos protegidos cargados por medio de la funci\u00f3n Upload::loadIntoFile(). Un atacante puede ser capaz de adivinar un nombre de archivo en silverstripe/assets por medio del AssetControlExtension."
}
],
"id": "CVE-2019-12245",
"lastModified": "2024-11-21T04:22:28.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-25T19:15:10.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-27 18:00
Modified
2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in SilverStripe before 2.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to AjaxUniqueTextField.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | 2.0.0 | |
| silverstripe | silverstripe | 2.0.1 | |
| silverstripe | silverstripe | 2.0.2 | |
| silverstripe | silverstripe | 2.1.0 | |
| silverstripe | silverstripe | 2.1.1 | |
| silverstripe | silverstripe | 2.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9782624-2EF6-4F59-99F7-CF89C1C8583B",
"versionEndIncluding": "2.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93D92D9-A3CC-46D0-8539-587F2B3A3A07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6330F446-45E8-4C3E-8585-4BAA9385DFD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AC23F5D-AC9E-4F83-95B2-CEF6E546E732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77480CB4-04B8-4934-AB1D-B61BB262CD40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D735517-B50D-4C4B-A95F-E48626AB5671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CA1CDF7-D273-4044-94AB-3295EAD98AD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in SilverStripe before 2.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to AjaxUniqueTextField."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en SilverStripe anterior a v2.2.2 permite a atacantes remotos ejecutar comandos SQL a su elecci\u00f3n a trav\u00e9s de vectores no especificados relacionados con AjaxUniqueTextField."
}
],
"id": "CVE-2008-6753",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-27T18:00:00.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://silverstripe.org/archive/show/43794"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/04/13/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34852"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://silverstripe.org/archive/show/43794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/04/13/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50368"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-19 17:15
Modified
2024-11-21 04:22
Severity ?
Summary
SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/blog/tag/release | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/blog/tag/release | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C33B9A7-7ACA-4030-8D41-B4F028B6835F",
"versionEndIncluding": "4.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools."
},
{
"lang": "es",
"value": "SilverStripe versiones hasta 4.3.3, permite una Denegaci\u00f3n de Servicio en herramientas URL de descarga y desarrollo."
}
],
"id": "CVE-2019-12246",
"lastModified": "2024-11-21T04:22:28.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-19T17:15:10.920",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-26 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to "form action requests" using a controller.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 | |
| silverstripe | silverstripe | 2.3.6 | |
| silverstripe | silverstripe | 2.3.7 | |
| silverstripe | silverstripe | 2.3.8 | |
| silverstripe | silverstripe | 2.3.9 | |
| silverstripe | silverstripe | 2.3.10 | |
| silverstripe | silverstripe | 2.4.0 | |
| silverstripe | silverstripe | 2.4.1 | |
| silverstripe | silverstripe | 2.4.2 | |
| silverstripe | silverstripe | 2.4.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D875C510-39F2-4726-9DBD-3D95A5CB3D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE8C544D-E233-488D-B768-8C077BB79338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "26E1807F-7DEB-4519-95B9-4FA647C7D477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAB67F4E-0E56-4597-BD9B-90D07685D7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AA541F02-F78A-4E43-8212-690810311187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "706247B5-ACA3-4863-BDBC-B42EA95E1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87690027-1CF7-477E-91FE-87E6F77B2988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9731FCBA-AA01-4510-87B1-E547AD28D09D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE10366-8242-49B1-9F4F-E79304424A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B8C3E7-E464-478E-A1DE-D7DF894183F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE198516-3D97-4804-84CF-8F9AAC60E795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "534AD362-1460-4784-97C8-3AA5DD830F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA54E0DE-33DC-445D-8154-4DC580BA8812",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to \"form action requests\" using a controller."
},
{
"lang": "es",
"value": "SilverStripe v2.3.x anterior a v2.3.10 y v2.4.x anterior a v2.4.4 permite a atacantes remotos saltarse el mecanismo de protecci\u00f3n contra solicitudes falsificadas en sitios cruzados (CSRF) y secuestrar la autenticaci\u00f3n de los administradores a trav\u00e9s de vectores relacionados con el formulario de solicitud de acci\u00f3n (form action request) usando un controlador."
}
],
"id": "CVE-2010-5087",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-26T18:55:01.060",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://open.silverstripe.org/changeset/115182"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://open.silverstripe.org/changeset/115185"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42346"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://open.silverstripe.org/changeset/115182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://open.silverstripe.org/changeset/115185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-06 06:59
Modified
2025-04-20 01:37
Severity ?
Summary
There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/96572 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96572 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | 3.5.0 | |
| silverstripe | silverstripe | 3.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF444DF6-EA4D-42B9-B295-D307F5F63851",
"versionEndIncluding": "3.4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6FFB1E-4D80-4CB6-AA2E-1C56C86624EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "886ED224-9F57-4C6A-B0B9-D6C1FEDC93AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element."
},
{
"lang": "es",
"value": "Hay una XSS en SilverStripe CMS en versiones anteriores a 3.4.4 y 3.5.x en versiones anteriores a 3.5.2. El vector de ataque es un nombre de p\u00e1gina. Un ejemplo de carga \u00fatil es un controlador de eventos JavaScript manipulado en un elemento SVG malformado."
}
],
"id": "CVE-2017-5197",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-06T06:59:00.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96572"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-19 17:15
Modified
2024-11-21 04:22
Severity ?
Summary
In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/blog/tag/release | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/blog/tag/release | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C33B9A7-7ACA-4030-8D41-B4F028B6835F",
"versionEndIncluding": "4.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,"
},
{
"lang": "es",
"value": "En SilverStripe versiones hasta 4.3.3, la correcci\u00f3n anterior para SS-2018-007 no mitiga completamente el riesgo de un ataque de tipo CSRF en mutaciones de GraphQL."
}
],
"id": "CVE-2019-12437",
"lastModified": "2024-11-21T04:22:50.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-19T17:15:11.013",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-17 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 | |
| silverstripe | silverstripe | 2.3.6 | |
| silverstripe | silverstripe | 2.3.7 | |
| silverstripe | silverstripe | 2.3.8 | |
| silverstripe | silverstripe | 2.3.9 | |
| silverstripe | silverstripe | 2.4.0 | |
| silverstripe | silverstripe | 2.4.1 | |
| silverstripe | silverstripe | 2.4.2 | |
| silverstripe | silverstripe | 2.4.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "706247B5-ACA3-4863-BDBC-B42EA95E1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87690027-1CF7-477E-91FE-87E6F77B2988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9731FCBA-AA01-4510-87B1-E547AD28D09D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE10366-8242-49B1-9F4F-E79304424A27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE198516-3D97-4804-84CF-8F9AAC60E795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "534AD362-1460-4784-97C8-3AA5DD830F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA54E0DE-33DC-445D-8154-4DC580BA8812",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en el m\u00e9todo augmentSQL en el core/model/Translatable.php en SilverStripe v2.3.x antes de v2.3.10 y v2.4.x antes de v2.4.4, cuando la extensi\u00f3n \u0027Translatable\u0027 est\u00e1 activada, permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s del par\u00e1metro \u0027locale\u0027.\r\n"
}
],
"id": "CVE-2010-4824",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-17T17:55:02.577",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://open.silverstripe.org/changeset/114515"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://open.silverstripe.org/changeset/114517"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42346"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/69884"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/45367"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://open.silverstripe.org/changeset/114515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://open.silverstripe.org/changeset/114517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/69884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63989"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-17 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in the addslashes method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6, when connected to a MySQL database using far east character encodings, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 | |
| silverstripe | silverstripe | 2.3.6 | |
| silverstripe | silverstripe | 2.3.7 | |
| silverstripe | silverstripe | 2.3.8 | |
| silverstripe | silverstripe | 2.3.9 | |
| silverstripe | silverstripe | 2.3.10 | |
| silverstripe | silverstripe | 2.3.11 | |
| silverstripe | silverstripe | 2.4.0 | |
| silverstripe | silverstripe | 2.4.1 | |
| silverstripe | silverstripe | 2.4.2 | |
| silverstripe | silverstripe | 2.4.3 | |
| silverstripe | silverstripe | 2.4.4 | |
| silverstripe | silverstripe | 2.4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "706247B5-ACA3-4863-BDBC-B42EA95E1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87690027-1CF7-477E-91FE-87E6F77B2988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9731FCBA-AA01-4510-87B1-E547AD28D09D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE10366-8242-49B1-9F4F-E79304424A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B8C3E7-E464-478E-A1DE-D7DF894183F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "84FD5A9A-21F4-4845-9162-F32B05EC734A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE198516-3D97-4804-84CF-8F9AAC60E795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "534AD362-1460-4784-97C8-3AA5DD830F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA54E0DE-33DC-445D-8154-4DC580BA8812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5049C8FF-A147-49AE-AF1B-D6F26BFE2B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5FCD3B4E-6E0F-413B-8DDD-CB259C0EE40E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the addslashes method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6, when connected to a MySQL database using far east character encodings, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00e9todo addslashes en SilverStripe v2.3.x antes de v2.3.12 y v2.4.x antes de v2.4.6, cuando se conecta a una base de datos MySQL usando una codificaci\u00f3n de caracteres del lejano oriente, permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados.\r\n"
}
],
"id": "CVE-2011-4959",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-17T17:55:02.813",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/silverstripe/sapphire/commit/73cca09"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/silverstripe/sapphire/commit/ca78784"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/silverstripe/silverstripe-cms/commit/b5ea2f6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/silverstripe/sapphire/commit/73cca09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/silverstripe/sapphire/commit/ca78784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/silverstripe/silverstripe-cms/commit/b5ea2f6"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-26 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 | |
| silverstripe | silverstripe | 2.3.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D875C510-39F2-4726-9DBD-3D95A5CB3D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE8C544D-E233-488D-B768-8C077BB79338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "26E1807F-7DEB-4519-95B9-4FA647C7D477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAB67F4E-0E56-4597-BD9B-90D07685D7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AA541F02-F78A-4E43-8212-690810311187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "706247B5-ACA3-4863-BDBC-B42EA95E1476",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user."
},
{
"lang": "es",
"value": "Member_ProfileForm en security/Member.php en SilverStripe v2.3.x anterior a v2.3.7 permite a atacantes remotos secuestrar cuentas de usuarios a trav\u00e9s del guardado de datos usando la direcci\u00f3n de correo electr\u00f3nico (ID) de otro usuario."
}
],
"id": "CVE-2010-5093",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-26T18:55:01.433",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://open.silverstripe.org/changeset/100744"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.silverstripe.org/security-releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://open.silverstripe.org/changeset/100744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.silverstripe.org/security-releases"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-25 19:15
Modified
2024-11-21 04:22
Severity ?
Summary
In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/CVE-2019-12204 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/CVE-2019-12204 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CDBB406-569B-4D38-B89A-CE6762D2048C",
"versionEndIncluding": "4.3.3",
"versionStartIncluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access."
},
{
"lang": "es",
"value": "En SilverStripe versiones hasta 4.3.3, una falta de advertencia acerca de dejar el archivo install.php en una webroot p\u00fablica puede conllevar a un acceso de administrador no autenticado."
}
],
"id": "CVE-2019-12204",
"lastModified": "2024-11-21T04:22:24.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-25T19:15:10.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12204"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-26 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | 2.0.0 | |
| silverstripe | silverstripe | 2.0.1 | |
| silverstripe | silverstripe | 2.0.2 | |
| silverstripe | silverstripe | 2.1.0 | |
| silverstripe | silverstripe | 2.1.1 | |
| silverstripe | silverstripe | 2.2.0 | |
| silverstripe | silverstripe | 2.2.1 | |
| silverstripe | silverstripe | 2.2.2 | |
| silverstripe | silverstripe | 2.2.4 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 | |
| silverstripe | silverstripe | 2.3.6 | |
| silverstripe | silverstripe | 2.3.7 | |
| silverstripe | silverstripe | 2.3.8 | |
| silverstripe | silverstripe | 2.3.9 | |
| silverstripe | silverstripe | 2.3.10 | |
| silverstripe | silverstripe | 2.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D219CC61-29F0-4123-A8CA-0808D86FBC31",
"versionEndIncluding": "2.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93D92D9-A3CC-46D0-8539-587F2B3A3A07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6330F446-45E8-4C3E-8585-4BAA9385DFD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AC23F5D-AC9E-4F83-95B2-CEF6E546E732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77480CB4-04B8-4934-AB1D-B61BB262CD40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D735517-B50D-4C4B-A95F-E48626AB5671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CA1CDF7-D273-4044-94AB-3295EAD98AD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8AB709-B4E7-4D48-8481-08BBCD9121A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D51AEAF-EACD-4E52-85D4-5A54A443EDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "800CC172-F319-41A2-8C29-8944B98930B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D875C510-39F2-4726-9DBD-3D95A5CB3D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE8C544D-E233-488D-B768-8C077BB79338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "26E1807F-7DEB-4519-95B9-4FA647C7D477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAB67F4E-0E56-4597-BD9B-90D07685D7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AA541F02-F78A-4E43-8212-690810311187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "706247B5-ACA3-4863-BDBC-B42EA95E1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87690027-1CF7-477E-91FE-87E6F77B2988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9731FCBA-AA01-4510-87B1-E547AD28D09D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE10366-8242-49B1-9F4F-E79304424A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B8C3E7-E464-478E-A1DE-D7DF894183F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information."
},
{
"lang": "es",
"value": "SilverStripe anterior a v2.4.2 no restringe el acceso adecuadamente a las p\u00e1ginas en modo borrador, lo cual permite a atacantes remotos obtener informaci\u00f3n sensible."
}
],
"id": "CVE-2010-5089",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-26T18:55:01.217",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.org/changeset/110757"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.org/changeset/110757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-08 20:15
Modified
2024-11-21 05:19
Severity ?
Summary
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/blog/tag/release | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/cve-2020-26136 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/blog/tag/release | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/cve-2020-26136 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | 4.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B53FA0A8-2DF2-4918-8ABB-B3DA0C81537F",
"versionEndExcluding": "4.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:4.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CD381280-D40A-4645-8618-B5F753FE59D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe through 4.6.0-rc1, GraphQL doesn\u0027t honour MFA (multi-factor authentication) when using basic authentication."
},
{
"lang": "es",
"value": "En SilverStripe versiones hasta 4.6.0-rc1, GraphQL no respecta MFA (multi-factor authentication) cuando se usa la autenticaci\u00f3n b\u00e1sica"
}
],
"id": "CVE-2020-26136",
"lastModified": "2024-11-21T05:19:19.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-08T20:15:08.017",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-26136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-26136"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-17 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote authenticated users with the EDIT_PERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected groups.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 | |
| silverstripe | silverstripe | 2.3.6 | |
| silverstripe | silverstripe | 2.3.7 | |
| silverstripe | silverstripe | 2.3.8 | |
| silverstripe | silverstripe | 2.3.9 | |
| silverstripe | silverstripe | 2.3.10 | |
| silverstripe | silverstripe | 2.3.11 | |
| silverstripe | silverstripe | 2.4.0 | |
| silverstripe | silverstripe | 2.4.1 | |
| silverstripe | silverstripe | 2.4.2 | |
| silverstripe | silverstripe | 2.4.3 | |
| silverstripe | silverstripe | 2.4.4 | |
| silverstripe | silverstripe | 2.4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "706247B5-ACA3-4863-BDBC-B42EA95E1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87690027-1CF7-477E-91FE-87E6F77B2988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9731FCBA-AA01-4510-87B1-E547AD28D09D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE10366-8242-49B1-9F4F-E79304424A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B8C3E7-E464-478E-A1DE-D7DF894183F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "84FD5A9A-21F4-4845-9162-F32B05EC734A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE198516-3D97-4804-84CF-8F9AAC60E795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "534AD362-1460-4784-97C8-3AA5DD830F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA54E0DE-33DC-445D-8154-4DC580BA8812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5049C8FF-A147-49AE-AF1B-D6F26BFE2B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5FCD3B4E-6E0F-413B-8DDD-CB259C0EE40E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote authenticated users with the EDIT_PERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected groups."
},
{
"lang": "es",
"value": "SilverStripe v2.3.x antes de v2.3.12 y v2.4.x antes de v2.4.6 permite obtener permisos de administrador a usuarios remotos autenticados con el permiso \u0027EDIT_PERMISSIONS\u0027 a trav\u00e9s de un \u0027TreeMultiselectField\u0027 que incluye grupos de administradores al agregar un usuario a los grupos seleccionados.\r\n"
}
],
"id": "CVE-2011-4961",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-17T17:55:02.923",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/silverstripe/sapphire/commit/de1f070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/silverstripe/sapphire/commit/de1f070"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-26 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 | |
| silverstripe | silverstripe | 2.3.6 | |
| silverstripe | silverstripe | 2.3.7 | |
| silverstripe | silverstripe | 2.3.8 | |
| silverstripe | silverstripe | 2.3.9 | |
| silverstripe | silverstripe | 2.4.0 | |
| silverstripe | silverstripe | 2.4.1 | |
| silverstripe | silverstripe | 2.4.2 | |
| silverstripe | silverstripe | 2.4.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D875C510-39F2-4726-9DBD-3D95A5CB3D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE8C544D-E233-488D-B768-8C077BB79338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "26E1807F-7DEB-4519-95B9-4FA647C7D477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAB67F4E-0E56-4597-BD9B-90D07685D7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AA541F02-F78A-4E43-8212-690810311187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "706247B5-ACA3-4863-BDBC-B42EA95E1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87690027-1CF7-477E-91FE-87E6F77B2988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9731FCBA-AA01-4510-87B1-E547AD28D09D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE10366-8242-49B1-9F4F-E79304424A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE198516-3D97-4804-84CF-8F9AAC60E795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "534AD362-1460-4784-97C8-3AA5DD830F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA54E0DE-33DC-445D-8154-4DC580BA8812",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka \"HTTP referer leakage.\""
},
{
"lang": "es",
"value": "La acci\u00f3n en la URL Security/changepassword\r\nen SilverStripe v2.3.x anterior a v2.3.10 y v2.4.x anterior a v2.4.4 pasa una muestra (token) como un par\u00e1metro GET mientras se est\u00e1 cambiando una contrase\u00f1a a trav\u00e9s de un correo electr\u00f3nico, que permite a atacantes remotos obtener informaci\u00f3n sensible y secuestrar la sesi\u00f3n a trav\u00e9s de los registros referer HTTP en un servidor, tambi\u00e9n conocido como \"HTTP referer leakage\"."
}
],
"id": "CVE-2010-5080",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-08-26T18:55:01.013",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10"
},
{
"source": "secalert@redhat.com",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4"
},
{
"source": "secalert@redhat.com",
"url": "http://open.silverstripe.org/changeset/114758"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42346"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/69887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://open.silverstripe.org/changeset/114758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/69887"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
},
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-25 19:15
Modified
2024-11-21 04:22
Severity ?
Summary
SilverStripe through 4.3.3 allows session fixation in the "change password" form.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/CVE-2019-12203 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/CVE-2019-12203 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C33B9A7-7ACA-4030-8D41-B4F028B6835F",
"versionEndIncluding": "4.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe through 4.3.3 allows session fixation in the \"change password\" form."
},
{
"lang": "es",
"value": "SilverStripe versiones hasta 4.3.3, permite la fijaci\u00f3n de la sesi\u00f3n en el formulario \"change password\"."
}
],
"id": "CVE-2019-12203",
"lastModified": "2024-11-21T04:22:24.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.4,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-25T19:15:10.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-06-24 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 3.1.13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B79F50BB-3583-4B7F-942E-1122B1336C76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in SilverStripe CMS \u0026 Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build."
},
{
"lang": "es",
"value": "Vulnerabilidad de la redirecci\u00f3n abierta en SilverStripe CMS \u0026 Framework 3.1.13 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de una URL en el par\u00e1metro returnURL en dev/build."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e",
"id": "CVE-2015-5062",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-24T14:59:04.597",
"references": [
{
"source": "cve@mitre.org",
"url": "http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/535716/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/75419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/535716/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75419"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-17 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripe_version or (2) cms/silverstripe_version.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 | |
| silverstripe | silverstripe | 2.3.6 | |
| silverstripe | silverstripe | 2.3.7 | |
| silverstripe | silverstripe | 2.3.8 | |
| silverstripe | silverstripe | 2.3.9 | |
| silverstripe | silverstripe | 2.4.0 | |
| silverstripe | silverstripe | 2.4.1 | |
| silverstripe | silverstripe | 2.4.2 | |
| silverstripe | silverstripe | 2.4.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "706247B5-ACA3-4863-BDBC-B42EA95E1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87690027-1CF7-477E-91FE-87E6F77B2988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9731FCBA-AA01-4510-87B1-E547AD28D09D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE10366-8242-49B1-9F4F-E79304424A27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE198516-3D97-4804-84CF-8F9AAC60E795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "534AD362-1460-4784-97C8-3AA5DD830F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA54E0DE-33DC-445D-8154-4DC580BA8812",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripe_version or (2) cms/silverstripe_version."
},
{
"lang": "es",
"value": "SilverStripe v2.3.x antes de v2.3.10 y v2.4.x antes de v2.4.4 almacena informaci\u00f3n sensible bajo la ra\u00edz web con controles de acceso insuficientes, lo que permite a atacantes remotos obtener informaci\u00f3n de la versi\u00f3n a trav\u00e9s de una petici\u00f3n directa a (1) apphire/silverstripe_version \u00f3 (2) cms/silverstripe_version.\r\n"
}
],
"id": "CVE-2010-5078",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-17T17:55:02.673",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"source": "secalert@redhat.com",
"url": "http://open.silverstripe.org/ticket/5031"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42346"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/69888"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/45367"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://open.silverstripe.org/ticket/5031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/69888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63990"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-02 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.4.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C52B37E5-16F1-469D-B44E-699CD096FF96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en admin/EditForm in SilverStripe v2.4.6 permite a usuarios remotos autenticados con privilegios de los autores de contenido para inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro de t\u00edtulo. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceros."
}
],
"id": "CVE-2012-0976",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-02T17:55:01.020",
"references": [
{
"source": "cve@mitre.org",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13"
},
{
"source": "cve@mitre.org",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78677"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/view/109210/silverstripecmspage-xss.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47812"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51761"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72820"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/silverstripe/sapphire/commit/252e187"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/silverstripe/sapphire/commit/475e077"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/silverstripe/sapphire/commit/5fe7091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/view/109210/silverstripecmspage-xss.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/silverstripe/sapphire/commit/252e187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/silverstripe/sapphire/commit/475e077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/silverstripe/sapphire/commit/5fe7091"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-26 16:15
Modified
2024-11-21 04:30
Severity ?
Summary
In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/silverstripe/silverstripe-framework | Product, Third Party Advisory | |
| cve@mitre.org | https://github.com/symbiote/silverstripe-versionedfiles | Product, Third Party Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/cve-2019-16409 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/silverstripe/silverstripe-framework | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/symbiote/silverstripe-versionedfiles | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/cve-2019-16409 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| symbiote | versionedfiles | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E58CB97-D94C-41B1-BD35-101853DF1D5E",
"versionEndIncluding": "3.7.4",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symbiote:versionedfiles:*:*:*:*:*:silverstripe:*:*",
"matchCriteriaId": "2243C113-7430-45F8-B641-A4A937594787",
"versionEndIncluding": "2.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.)"
},
{
"lang": "es",
"value": "En el m\u00f3dulo Versioned Files versiones hasta 2.0.3 para SilverStripe versiones 3.x, las versiones no publicadas de archivos se exponen p\u00fablicamente a cualquiera que pueda adivinar su URL. Esta suposici\u00f3n podr\u00eda estar altamente informada para una comprensi\u00f3n b\u00e1sica del c\u00f3digo fuente de symbiote/silverstripe-versionedfiles. (Los usuarios que actualizan SilverStripe versiones 3.x hasta 4.x y ten\u00edan instalado Versioned Files ya no necesitan este m\u00f3dulo, porque la versi\u00f3n 4.x posee versiones integradas. Sin embargo, nada en el proceso de actualizaci\u00f3n automatiza la destrucci\u00f3n de estos artefactos no seguros, ni alerta al usuario sobre la importancia de su destrucci\u00f3n)."
}
],
"id": "CVE-2019-16409",
"lastModified": "2024-11-21T04:30:39.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-26T16:15:11.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-framework"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/symbiote/silverstripe-versionedfiles"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2019-16409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-framework"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/symbiote/silverstripe-versionedfiles"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2019-16409"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-26 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the installation path in an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 | |
| silverstripe | silverstripe | 2.3.6 | |
| silverstripe | silverstripe | 2.3.7 | |
| silverstripe | silverstripe | 2.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D875C510-39F2-4726-9DBD-3D95A5CB3D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE8C544D-E233-488D-B768-8C077BB79338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "26E1807F-7DEB-4519-95B9-4FA647C7D477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAB67F4E-0E56-4597-BD9B-90D07685D7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AA541F02-F78A-4E43-8212-690810311187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "706247B5-ACA3-4863-BDBC-B42EA95E1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87690027-1CF7-477E-91FE-87E6F77B2988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the installation path in an error message."
},
{
"lang": "es",
"value": "SilverStripe v2.3.x anterior a v2.3.8 y v2.4.x anterior a v2.4.1, cuando est\u00e1 en ejecuci\u00f3n el servidores con ciertas configuraciones, permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a ficheros PHP en el (1) sapphire, (2) cms, o (3) carpetas mysite, lo que revela la ruta de instalaci\u00f3n en un mensaje de error."
}
],
"id": "CVE-2010-5187",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-26T18:55:01.590",
"references": [
{
"source": "cve@mitre.org",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8"
},
{
"source": "cve@mitre.org",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-28 22:15
Modified
2024-11-21 06:26
Severity ?
Summary
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/silverstripe/silverstripe-framework/releases | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/ | Not Applicable, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/cve-2021-41559 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/silverstripe/silverstripe-framework/releases | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/ | Not Applicable, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/cve-2021-41559 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26552B50-918D-49A2-A218-357A6F5DBFD6",
"versionEndExcluding": "4.10.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document."
},
{
"lang": "es",
"value": "Silverstripe silverstripe/framework 4.8.1, presenta una explosi\u00f3n cuadr\u00e1tica en la funci\u00f3n Convert::xml2array() que permite un ataque remoto por medio de un documento XML dise\u00f1ado"
}
],
"id": "CVE-2021-41559",
"lastModified": "2024-11-21T06:26:25.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-28T22:15:07.870",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-framework/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2021-41559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-framework/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2021-41559"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-776"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-17 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) URL method in a template, different vectors than CVE-2012-0976.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 | |
| silverstripe | silverstripe | 2.3.6 | |
| silverstripe | silverstripe | 2.3.7 | |
| silverstripe | silverstripe | 2.3.8 | |
| silverstripe | silverstripe | 2.3.9 | |
| silverstripe | silverstripe | 2.3.10 | |
| silverstripe | silverstripe | 2.3.11 | |
| silverstripe | silverstripe | 2.3.12 | |
| silverstripe | silverstripe | 2.4.0 | |
| silverstripe | silverstripe | 2.4.1 | |
| silverstripe | silverstripe | 2.4.2 | |
| silverstripe | silverstripe | 2.4.3 | |
| silverstripe | silverstripe | 2.4.5 | |
| silverstripe | silverstripe | 2.4.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "706247B5-ACA3-4863-BDBC-B42EA95E1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87690027-1CF7-477E-91FE-87E6F77B2988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9731FCBA-AA01-4510-87B1-E547AD28D09D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE10366-8242-49B1-9F4F-E79304424A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B8C3E7-E464-478E-A1DE-D7DF894183F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "84FD5A9A-21F4-4845-9162-F32B05EC734A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6D969ED1-9544-4077-B598-225B0B57E7BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE198516-3D97-4804-84CF-8F9AAC60E795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "534AD362-1460-4784-97C8-3AA5DD830F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA54E0DE-33DC-445D-8154-4DC580BA8812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5FCD3B4E-6E0F-413B-8DDD-CB259C0EE40E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C52B37E5-16F1-469D-B44E-699CD096FF96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) URL method in a template, different vectors than CVE-2012-0976."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en SilverStripe v2.3.x antes de v2.3.13 y v2.4.x antes de v2.4.7 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de una cadena modificada a los m\u00e9todos (1) AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) Word Count Limit, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NOHTML, (15) Summary, (16) Upper, (17) UpperCase, o (18) URL en una plantilla. Se trata de vectores diferentes a los de CVE-2012-0976a."
}
],
"id": "CVE-2012-4968",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-17T17:55:03.173",
"references": [
{
"source": "cve@mitre.org",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/silverstripe/sapphire/commit/0085876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/silverstripe/sapphire/commit/0085876"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-26 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt mod_rewrite-less URL routing."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 | |
| silverstripe | silverstripe | 2.3.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D875C510-39F2-4726-9DBD-3D95A5CB3D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE8C544D-E233-488D-B768-8C077BB79338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "26E1807F-7DEB-4519-95B9-4FA647C7D477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAB67F4E-0E56-4597-BD9B-90D07685D7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AA541F02-F78A-4E43-8212-690810311187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "706247B5-ACA3-4863-BDBC-B42EA95E1476",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and \"disrupt mod_rewrite-less URL routing.\""
},
{
"lang": "es",
"value": "La funci\u00f3n deleteinstallfiles en control/ContentController.php en SilverStripe v2.3.x anterior a v2.3.7 no requiere permisos de adminstrador (ADMIN), lo cual permite a atacantes remotos borrar el fichero index.php e interrumpir el enrutado URL enmod_rewrite-less (disrupt mod_rewrite-less URL routing)."
}
],
"id": "CVE-2010-5094",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-26T18:55:01.480",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.7"
},
{
"source": "secalert@redhat.com",
"url": "http://open.silverstripe.org/changeset/101227"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.silverstripe.org/security-releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://open.silverstripe.org/changeset/101227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.silverstripe.org/security-releases"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-08 14:22
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 | |
| silverstripe | silverstripe | 2.3.6 | |
| silverstripe | silverstripe | 2.3.7 | |
| silverstripe | silverstripe | 2.3.8 | |
| silverstripe | silverstripe | 2.3.9 | |
| silverstripe | silverstripe | 2.3.10 | |
| silverstripe | silverstripe | 2.3.11 | |
| silverstripe | silverstripe | 2.4.0 | |
| silverstripe | silverstripe | 2.4.1 | |
| silverstripe | silverstripe | 2.4.2 | |
| silverstripe | silverstripe | 2.4.3 | |
| silverstripe | silverstripe | 2.4.4 | |
| silverstripe | silverstripe | 2.4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "499D285F-5CC3-4B60-99FB-31ED5DD21FCB",
"versionEndIncluding": "2.3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D875C510-39F2-4726-9DBD-3D95A5CB3D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE8C544D-E233-488D-B768-8C077BB79338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "26E1807F-7DEB-4519-95B9-4FA647C7D477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAB67F4E-0E56-4597-BD9B-90D07685D7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AA541F02-F78A-4E43-8212-690810311187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "706247B5-ACA3-4863-BDBC-B42EA95E1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87690027-1CF7-477E-91FE-87E6F77B2988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9731FCBA-AA01-4510-87B1-E547AD28D09D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE10366-8242-49B1-9F4F-E79304424A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B8C3E7-E464-478E-A1DE-D7DF894183F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "84FD5A9A-21F4-4845-9162-F32B05EC734A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE198516-3D97-4804-84CF-8F9AAC60E795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "534AD362-1460-4784-97C8-3AA5DD830F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA54E0DE-33DC-445D-8154-4DC580BA8812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5049C8FF-A147-49AE-AF1B-D6F26BFE2B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5FCD3B4E-6E0F-413B-8DDD-CB259C0EE40E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la funci\u00f3n de proceso en SSViewer.php en SilverStripe anterior a 2.3.13 y 2.4.x anterior a 2.4.6 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de QUERY_STRING hacia marcadores de posici\u00f3n de plantillas, tal y como fue demostrado por una solicitud hacia (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/ y (6) admin/security/."
}
],
"id": "CVE-2011-4958",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-08T14:22:07.693",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.3.12"
},
{
"source": "secalert@redhat.com",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.4.6"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/76258"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46390"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.rul3z.de/advisories/SSCHADV2011-024.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/520050/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/silverstripe/sapphire/commit/16c3235"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/silverstripe/sapphire/commit/52a895f"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/silverstripe/sapphire/commit/bdd6391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.3.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.4.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/76258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.rul3z.de/advisories/SSCHADV2011-024.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/520050/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/silverstripe/sapphire/commit/16c3235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/silverstripe/sapphire/commit/52a895f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/silverstripe/sapphire/commit/bdd6391"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-15 19:15
Modified
2024-11-21 04:34
Severity ?
Summary
Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return unexpected responses to other consumers of this cached response. Most other headers associated with web cache poisoning are already disabled through request hostname forgery whitelists.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7605240F-F74B-4190-B15A-D2B49C145B45",
"versionEndExcluding": "3.7.5",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2589F5-9B99-4DE2-96F0-F59D7F58987D",
"versionEndExcluding": "4.4.7",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4AD7A3-B9F1-463E-95D8-B47AF68463FE",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework\u0027s HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return unexpected responses to other consumers of this cached response. Most other headers associated with web cache poisoning are already disabled through request hostname forgery whitelists."
},
{
"lang": "es",
"value": "Los sitios de Silverstripe CMS versiones hasta 4.4.4 que han optado por Encabezados HTTP Cache en las respuestas atendidas por medio de la capa HTTP del framework pueden ser vulnerables al envenenamiento de la cach\u00e9 web. Mediante la modificaci\u00f3n de los encabezados X-Original-Url y X-HTTP-Method-Override, las respuestas con encabezados HTTP maliciosos pueden devolver respuestas inesperadas a otros consumidores de esta respuesta almacenada en cach\u00e9. La mayor\u00eda de los otros encabezados asociados con el envenenamiento de la cach\u00e9 web ya est\u00e1n deshabilitados por medio de las listas blancas de falsificaci\u00f3n del nombre de host de la petici\u00f3n"
}
],
"id": "CVE-2019-19326",
"lastModified": "2024-11-21T04:34:34.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-15T19:15:11.180",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-19326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-19326"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-23 06:29
Modified
2024-11-21 03:19
Severity ?
Summary
In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For example, the CSV data may contain untrusted user input from the "First Name" field of a user's /myprofile page.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.exploit-db.com/exploits/43396/ | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/ss-2017-007 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43396/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/ss-2017-007 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | 4.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED2EE6E-6402-425B-8B91-6D2A327B24B6",
"versionEndIncluding": "3.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CA0F665-3686-4BEE-B33C-ED7A2D603B26",
"versionEndIncluding": "3.6.2",
"versionStartIncluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC46066-F374-4F81-8F79-0608681B98A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it\u0027s possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For example, the CSV data may contain untrusted user input from the \"First Name\" field of a user\u0027s /myprofile page."
},
{
"lang": "es",
"value": "En la caracter\u00edstica de exportaci\u00f3n CSV de SilverStripe, en versiones anteriores a la 3.5.6, versiones 3.6.x anteriores a la 3.6.3 y versiones 4.x anteriores a la 4.0.1, es posible que los valores de salida contengan macros y scripts, que podr\u00edan ejecutarse si se importan sin sanear en software com\u00fan (incluyendo Microsoft Excel). Por ejemplo, los datos CSV podr\u00edan contener entradas de usuario no fiables del campo \"First Name\" de la p\u00e1gina /myprofile de un usuario."
}
],
"id": "CVE-2017-18049",
"lastModified": "2024-11-21T03:19:15.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-23T06:29:00.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43396/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/ss-2017-007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43396/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/ss-2017-007"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-24 23:30
Modified
2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | 2.0.0 | |
| silverstripe | silverstripe | 2.0.1 | |
| silverstripe | silverstripe | 2.0.2 | |
| silverstripe | silverstripe | 2.1.0 | |
| silverstripe | silverstripe | 2.1.1 | |
| silverstripe | silverstripe | 2.2.0 | |
| silverstripe | silverstripe | 2.2.1 | |
| silverstripe | silverstripe | 2.2.2 | |
| silverstripe | silverstripe | 2.2.4 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FCA6B176-316E-40D6-932A-8DEA9EE7E0DB",
"versionEndIncluding": "2.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93D92D9-A3CC-46D0-8539-587F2B3A3A07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6330F446-45E8-4C3E-8585-4BAA9385DFD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AC23F5D-AC9E-4F83-95B2-CEF6E546E732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77480CB4-04B8-4934-AB1D-B61BB262CD40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D735517-B50D-4C4B-A95F-E48626AB5671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CA1CDF7-D273-4044-94AB-3295EAD98AD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8AB709-B4E7-4D48-8481-08BBCD9121A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D51AEAF-EACD-4E52-85D4-5A54A443EDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "800CC172-F319-41A2-8C29-8944B98930B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D875C510-39F2-4726-9DBD-3D95A5CB3D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE8C544D-E233-488D-B768-8C077BB79338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "26E1807F-7DEB-4519-95B9-4FA647C7D477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAB67F4E-0E56-4597-BD9B-90D07685D7F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en File::find (filesystem/File.php) in SilverStripe antes de v2.3.1 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s del par\u00e1metro de nombre de archivo."
}
],
"id": "CVE-2009-1433",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-24T23:30:00.170",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.com/ticket/3721"
},
{
"source": "cve@mitre.org",
"url": "http://open.silverstripe.com/wiki/ChangeLog/2.3.1"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53589"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34633"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.com/ticket/3721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://open.silverstripe.com/wiki/ChangeLog/2.3.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53589"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34485"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-17 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 | |
| silverstripe | silverstripe | 2.3.6 | |
| silverstripe | silverstripe | 2.3.7 | |
| silverstripe | silverstripe | 2.3.8 | |
| silverstripe | silverstripe | 2.3.9 | |
| silverstripe | silverstripe | 2.3.10 | |
| silverstripe | silverstripe | 2.3.11 | |
| silverstripe | silverstripe | 2.4.0 | |
| silverstripe | silverstripe | 2.4.1 | |
| silverstripe | silverstripe | 2.4.2 | |
| silverstripe | silverstripe | 2.4.3 | |
| silverstripe | silverstripe | 2.4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "706247B5-ACA3-4863-BDBC-B42EA95E1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87690027-1CF7-477E-91FE-87E6F77B2988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9731FCBA-AA01-4510-87B1-E547AD28D09D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE10366-8242-49B1-9F4F-E79304424A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B8C3E7-E464-478E-A1DE-D7DF894183F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "84FD5A9A-21F4-4845-9162-F32B05EC734A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE198516-3D97-4804-84CF-8F9AAC60E795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "534AD362-1460-4784-97C8-3AA5DD830F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA54E0DE-33DC-445D-8154-4DC580BA8812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5FCD3B4E-6E0F-413B-8DDD-CB259C0EE40E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en el m\u00e9todo Folder::findOrMake en SilverStripe v2.3.x antes de v2.3.12 y v2.4.x antes de v2.4.6 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores no especificados.\r\n"
}
],
"id": "CVE-2011-4960",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-17T17:55:02.860",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/silverstripe/sapphire/commit/fef7c32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/silverstripe/sapphire/commit/fef7c32"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-15 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA11EA4A-649D-4DFC-926A-6804AD312F48",
"versionEndIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en SilverStripe CMS en versiones anteriores a la 3.6.1 mediante un documento SVG que no es gestionado correctamente por (1) la opci\u00f3n Insert Media en el editor de contenidos o (2) un nombre de ruta admin/assets/add, tal y como demuestra la URI admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload. Este problema tambi\u00e9n se conoce como SS-2017-017."
}
],
"id": "CVE-2017-14498",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-15T18:29:00.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.openwall.net/full-disclosure/2017/09/14/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.silverstripe.org/en/3/changelogs/3.6.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.openwall.net/full-disclosure/2017/09/14/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.silverstripe.org/en/3/changelogs/3.6.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-13 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 3.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "80B4D143-794B-4155-A654-B621A3180917",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653."
},
{
"lang": "es",
"value": "security/ MemberLoginForm.php en SilverStripe 3.0.3 apoya las credenciales en una solicitud GET, que permite a atacantes remotos o locales obtener informaci\u00f3n sensible mediante la lectura de los registros de log de acceso del servidor web, logsReferer del servidor web, o el historial del navegador, una vulnerabilidad similar a CVE-2013-2653."
}
],
"id": "CVE-2013-6789",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-13T00:55:03.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/bugtraq/2013/Aug/12"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/bugtraq/2013/Aug/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-26 12:15
Modified
2024-11-21 04:26
Severity ?
Summary
In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/blog/tag/release | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/CVE-2019-14272 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/blog/tag/release | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/CVE-2019-14272 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "502C6825-6918-4A05-A208-1A9DF138B8C6",
"versionEndIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS."
},
{
"lang": "es",
"value": "En SilverStripe asset-admin versi\u00f3n 4.0, se presenta una vulnerabilidad de tipo XSS en los t\u00edtulos de archivos administrados mediante el CMS."
}
],
"id": "CVE-2019-14272",
"lastModified": "2024-11-21T04:26:20.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-26T12:15:11.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-23 03:15
Modified
2025-04-25 21:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Silverstripe silverstripe/cms through 4.11.0 allows XSS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/blog/tag/release | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/CVE-2022-37421 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/blog/tag/release | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/CVE-2022-37421 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7AD6F2E-84C9-4EAD-A75F-9EAF015F87A8",
"versionEndExcluding": "4.11.3",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Silverstripe silverstripe/cms through 4.11.0 allows XSS."
},
{
"lang": "es",
"value": "El cms de Silverstripe hasta 4.11.0 permite XSS."
}
],
"id": "CVE-2022-37421",
"lastModified": "2025-04-25T21:15:32.857",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-11-23T03:15:10.180",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2022-37421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2022-37421"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-28 23:30
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka the search script).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | 2.0.0 | |
| silverstripe | silverstripe | 2.0.1 | |
| silverstripe | silverstripe | 2.0.2 | |
| silverstripe | silverstripe | 2.1.0 | |
| silverstripe | silverstripe | 2.1.1 | |
| silverstripe | silverstripe | 2.2.0 | |
| silverstripe | silverstripe | 2.2.1 | |
| silverstripe | silverstripe | 2.2.2 | |
| silverstripe | silverstripe | 2.2.4 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58772C70-26CB-4BE1-9C76-C8C4C45E40D8",
"versionEndIncluding": "2.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93D92D9-A3CC-46D0-8539-587F2B3A3A07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6330F446-45E8-4C3E-8585-4BAA9385DFD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AC23F5D-AC9E-4F83-95B2-CEF6E546E732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77480CB4-04B8-4934-AB1D-B61BB262CD40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D735517-B50D-4C4B-A95F-E48626AB5671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CA1CDF7-D273-4044-94AB-3295EAD98AD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8AB709-B4E7-4D48-8481-08BBCD9121A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D51AEAF-EACD-4E52-85D4-5A54A443EDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "800CC172-F319-41A2-8C29-8944B98930B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D875C510-39F2-4726-9DBD-3D95A5CB3D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE8C544D-E233-488D-B768-8C077BB79338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "26E1807F-7DEB-4519-95B9-4FA647C7D477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAB67F4E-0E56-4597-BD9B-90D07685D7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AA541F02-F78A-4E43-8212-690810311187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka the search script)."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en SilverStripe anterior a v2.3.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s 1) el par\u00e1metro CommenterURL en PostCommentForm, y en el m\u00f3dulo Forum anterior a v0.2.5 en SilverStripe anterior a v2.3.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de (2) el par\u00e1metro Search en forums/search (tambi\u00e9n conocido como la secuencia de comandos de b\u00fasqueda)."
}
],
"id": "CVE-2010-1593",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-04-28T23:30:00.603",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0450.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/f51749342eee9456"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://open.silverstripe.org/changeset/97074"
},
{
"source": "cve@mitre.org",
"url": "http://open.silverstripe.org/wiki/ChangeLog/2.3.5"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/61921"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/61923"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38290"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38347"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/509139/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/37923"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.silverstripe.org/security-releases/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55838"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0450.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/f51749342eee9456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://open.silverstripe.org/changeset/97074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://open.silverstripe.org/wiki/ChangeLog/2.3.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/61921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/61923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/509139/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/37923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.silverstripe.org/security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55839"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-26 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database."
},
{
"lang": "es",
"value": "El di\u00e1logo Add Member en la p\u00e1gina de administraci\u00f3n de seguridad en SilverStripe v2.4.0 guarda las contrase\u00f1as de usuario en texto plano sin cifrar, lo que permite a usuarios locales obtener informaci\u00f3n sensible a trav\u00e9s de la lectura de la base de datos."
}
],
"id": "CVE-2010-5092",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-26T18:55:01.387",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.org/changeset/107532"
},
{
"source": "secalert@redhat.com",
"url": "http://open.silverstripe.org/ticket/5772"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.org/changeset/107532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://open.silverstripe.org/ticket/5772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-26 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before 2.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to DataObjectSet pagination.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D875C510-39F2-4726-9DBD-3D95A5CB3D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE8C544D-E233-488D-B768-8C077BB79338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "26E1807F-7DEB-4519-95B9-4FA647C7D477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAB67F4E-0E56-4597-BD9B-90D07685D7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AA541F02-F78A-4E43-8212-690810311187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before 2.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to DataObjectSet pagination."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo en sitios cruzados (XSS) en SilverStripe v2.3.x anterior a v2.3.6 permite a atacantes remotos inyectar c\u00f3digo web o HTML arbitrario a trav\u00e9s de vectores relacionados con la paginaci\u00f3n DataObjectSet."
}
],
"id": "CVE-2010-5095",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-08-26T18:55:01.527",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.6"
},
{
"source": "secalert@redhat.com",
"url": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/c75fbd7926ed2725?tvc=2\u0026fwc=1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38697"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/62541"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/38394"
},
{
"source": "secalert@redhat.com",
"url": "http://www.silverstripe.org/security-releases"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/c75fbd7926ed2725?tvc=2\u0026fwc=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/62541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.silverstripe.org/security-releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56546"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-11 19:29
Modified
2024-11-21 04:45
Severity ?
Summary
All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | 4.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52FA32B0-C0FF-4DAF-9E33-4B2D708B6E66",
"versionEndExcluding": "3.6.7",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B48C308-435C-42B8-B197-E8B6695B471B",
"versionEndExcluding": "3.7.3",
"versionStartIncluding": "3.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD72A6A9-A21B-4E96-9789-B6D4839E2818",
"versionEndExcluding": "4.0.7",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D83BB5-1475-44DF-AB31-7B7EE80C0843",
"versionEndExcluding": "4.1.5",
"versionStartIncluding": "4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A04B00AF-FD3A-4757-9216-BB8964A86B6F",
"versionEndExcluding": "4.2.4",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60EC34B-FFEF-46C7-B4CB-C2FD86228E0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject."
},
{
"lang": "es",
"value": "SilverStripe 3 todas las versiones anteriores a 3.6.7 y 3.7.3, y SilverStripe 4 todas las versiones anteriores a 4.0.7, 4.1.5, 4.2.4 y 4.3.1 permiten la inyecci\u00f3n SQL reflejada por medio de los componentes Form y DataObject."
}
],
"id": "CVE-2019-5715",
"lastModified": "2024-11-21T04:45:22.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-11T19:29:01.287",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/ss-2018-021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/ss-2018-021"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-17 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 | |
| silverstripe | silverstripe | 2.3.6 | |
| silverstripe | silverstripe | 2.3.7 | |
| silverstripe | silverstripe | 2.3.8 | |
| silverstripe | silverstripe | 2.3.9 | |
| silverstripe | silverstripe | 2.4.0 | |
| silverstripe | silverstripe | 2.4.1 | |
| silverstripe | silverstripe | 2.4.2 | |
| silverstripe | silverstripe | 2.4.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "706247B5-ACA3-4863-BDBC-B42EA95E1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87690027-1CF7-477E-91FE-87E6F77B2988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9731FCBA-AA01-4510-87B1-E547AD28D09D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE10366-8242-49B1-9F4F-E79304424A27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE198516-3D97-4804-84CF-8F9AAC60E795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "534AD362-1460-4784-97C8-3AA5DD830F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA54E0DE-33DC-445D-8154-4DC580BA8812",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) \"forgot password\" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors."
},
{
"lang": "es",
"value": "SilverStripe 2.3.x antes de 2.3.10 y 2.4.x antes de 2.4.4 utiliza una entrop\u00eda d\u00e9bil para la generaci\u00f3n de fichas para (1) el mecanismo de protecci\u00f3n CSRF, (2) el inicio de sesi\u00f3n autom\u00e1tico (autologin), (3) la funcionalidad \"Olvid\u00f3 su contrase\u00f1a\" y (4) los \"password salts\", lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos evitar las restricciones de acceso a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2010-5079",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-17T17:55:02.750",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"source": "secalert@redhat.com",
"url": "http://open.silverstripe.org/changeset/114497"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.org/changeset/114498"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.org/changeset/114503"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.org/changeset/114504"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.org/changeset/114505"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://open.silverstripe.org/changeset/114497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.org/changeset/114498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.org/changeset/114503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.org/changeset/114504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.org/changeset/114505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-06-24 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 3.1.13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B79F50BB-3583-4B7F-942E-1122B1336C76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS \u0026 Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en SilverStripe CMS \u0026 Framework 3.1.13 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s del par\u00e1metro (1) admin_username o (2) admin_password en install.php."
}
],
"id": "CVE-2015-5063",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-06-24T14:59:05.517",
"references": [
{
"source": "cve@mitre.org",
"url": "http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/535716/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/535716/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-26 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain sensitive information via the (1) debug_memory parameter to core/control/Director.php or (2) debug_profile parameter to main.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D875C510-39F2-4726-9DBD-3D95A5CB3D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE8C544D-E233-488D-B768-8C077BB79338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "26E1807F-7DEB-4519-95B9-4FA647C7D477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAB67F4E-0E56-4597-BD9B-90D07685D7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AA541F02-F78A-4E43-8212-690810311187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain sensitive information via the (1) debug_memory parameter to core/control/Director.php or (2) debug_profile parameter to main.php."
},
{
"lang": "es",
"value": "SilverStripe v2.3.x anterior a v2.3.6 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de (1) el par\u00e1metro debug_memory a core/control/Director.php o (2) el par\u00e1metro debug_profile a main.php."
}
],
"id": "CVE-2010-5188",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-26T18:55:01.620",
"references": [
{
"source": "cve@mitre.org",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.6"
},
{
"source": "cve@mitre.org",
"url": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/c75fbd7926ed2725?tvc=2\u0026fwc=1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://open.silverstripe.org/changeset/98229"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://open.silverstripe.org/changeset/98230"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38697"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/62541"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38394"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://groups.google.com/group/silverstripe-announce/browse_thread/thread/c75fbd7926ed2725?tvc=2\u0026fwc=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://open.silverstripe.org/changeset/98229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://open.silverstripe.org/changeset/98230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/62541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56546"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-04-27 00:19
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93D92D9-A3CC-46D0-8539-587F2B3A3A07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la funcionalidad de b\u00fasqueda en SilverStripe 2.0.0 tiene un impacto desconocido y vectores de ataque."
}
],
"id": "CVE-2007-2321",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-04-27T00:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35323"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24936"
},
{
"source": "cve@mitre.org",
"url": "http://www.silverstripe.com/silverstripe-2-0-1-released/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1537"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.silverstripe.com/silverstripe-2-0-1-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33883"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-25 19:15
Modified
2024-11-21 04:22
Severity ?
Summary
SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/CVE-2019-12205 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/CVE-2019-12205 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C33B9A7-7ACA-4030-8D41-B4F028B6835F",
"versionEndIncluding": "4.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS."
},
{
"lang": "es",
"value": "SilverStripe versiones hasta 4.3.3, presenta una vulnerabilidad de tipo XSS Reflejada de Flash Clipboard."
}
],
"id": "CVE-2019-12205",
"lastModified": "2024-11-21T04:22:24.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-25T19:15:10.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-07 15:15
Modified
2024-11-21 06:00
Severity ?
Summary
Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/silverstripe/silverstripe-graphql/releases | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/CVE-2021-28661 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/silverstripe/silverstripe-graphql/releases | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/CVE-2021-28661 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81D9C48E-FF24-458D-B191-A6DC7D0B0572",
"versionEndIncluding": "3.4.1",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass."
},
{
"lang": "es",
"value": "El comprobador de permisos predeterminado de SilverStripe GraphQL Server (tambi\u00e9n se conoce como silverstripe/graphql) versiones 3.x hasta 3.4.1, no es heredado por la subclase query"
}
],
"id": "CVE-2021-28661",
"lastModified": "2024-11-21T06:00:03.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-07T15:15:10.510",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2021-28661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-graphql/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2021-28661"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-26 12:15
Modified
2024-11-21 04:26
Severity ?
Summary
In SilverStripe assets 4.0, there is broken access control on files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/blog/tag/release | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/CVE-2019-14273 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/blog/tag/release | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/CVE-2019-14273 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "502C6825-6918-4A05-A208-1A9DF138B8C6",
"versionEndIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe assets 4.0, there is broken access control on files."
},
{
"lang": "es",
"value": "En SilverStripe assets versi\u00f3n 4.0, se presenta un control de acceso violado en los archivos."
}
],
"id": "CVE-2019-14273",
"lastModified": "2024-11-21T04:26:20.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-26T12:15:11.347",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-15 21:15
Modified
2024-11-21 05:40
Severity ?
Summary
In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7605240F-F74B-4190-B15A-D2B49C145B45",
"versionEndExcluding": "3.7.5",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs."
},
{
"lang": "es",
"value": "En SilverStripe versiones hasta 4.5, los usuarios maliciosos con un inicio de sesi\u00f3n v\u00e1lido de Silverstripe CMS (generalmente acceso CMS) pueden crear informaci\u00f3n del perfil que puede conllevar a un ataque de tipo XSS para otros usuarios por medio de una URL de formulario de inicio de sesi\u00f3n especialmente dise\u00f1ada"
}
],
"id": "CVE-2020-9311",
"lastModified": "2024-11-21T05:40:23.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-15T21:15:13.817",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-9311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-9311"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-26 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | 2.0.0 | |
| silverstripe | silverstripe | 2.0.1 | |
| silverstripe | silverstripe | 2.0.2 | |
| silverstripe | silverstripe | 2.1.0 | |
| silverstripe | silverstripe | 2.1.1 | |
| silverstripe | silverstripe | 2.2.0 | |
| silverstripe | silverstripe | 2.2.1 | |
| silverstripe | silverstripe | 2.2.2 | |
| silverstripe | silverstripe | 2.2.4 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 | |
| silverstripe | silverstripe | 2.3.6 | |
| silverstripe | silverstripe | 2.3.7 | |
| silverstripe | silverstripe | 2.3.8 | |
| silverstripe | silverstripe | 2.3.9 | |
| silverstripe | silverstripe | 2.3.10 | |
| silverstripe | silverstripe | 2.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D219CC61-29F0-4123-A8CA-0808D86FBC31",
"versionEndIncluding": "2.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D93D92D9-A3CC-46D0-8539-587F2B3A3A07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6330F446-45E8-4C3E-8585-4BAA9385DFD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AC23F5D-AC9E-4F83-95B2-CEF6E546E732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77480CB4-04B8-4934-AB1D-B61BB262CD40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D735517-B50D-4C4B-A95F-E48626AB5671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CA1CDF7-D273-4044-94AB-3295EAD98AD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8AB709-B4E7-4D48-8481-08BBCD9121A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D51AEAF-EACD-4E52-85D4-5A54A443EDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "800CC172-F319-41A2-8C29-8944B98930B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D875C510-39F2-4726-9DBD-3D95A5CB3D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE8C544D-E233-488D-B768-8C077BB79338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "26E1807F-7DEB-4519-95B9-4FA647C7D477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAB67F4E-0E56-4597-BD9B-90D07685D7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AA541F02-F78A-4E43-8212-690810311187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "706247B5-ACA3-4863-BDBC-B42EA95E1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87690027-1CF7-477E-91FE-87E6F77B2988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9731FCBA-AA01-4510-87B1-E547AD28D09D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE10366-8242-49B1-9F4F-E79304424A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B8C3E7-E464-478E-A1DE-D7DF894183F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security."
},
{
"lang": "es",
"value": "SilverStripe anterior a v2.4.2 permite a usuarios remotos autenticados cambiar la contrase\u00f1a de administrador a trav\u00e9s de vectores relacionados con admin/security."
}
],
"id": "CVE-2010-5090",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-26T18:55:01.263",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-29 01:15
Modified
2024-11-21 06:57
Severity ?
Summary
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26552B50-918D-49A2-A218-357A6F5DBFD6",
"versionEndExcluding": "4.10.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR)."
},
{
"lang": "es",
"value": "En SilverStripe Framework versiones hasta 07-04-2022, un ataque de tipo XSS almacenado puede ocurrir en etiquetas de enlace javascript a\u00f1adidas por medio de XMLHttpRequest (XHR)"
}
],
"id": "CVE-2022-28803",
"lastModified": "2024-11-21T06:57:57.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-29T01:15:07.367",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://silverstripe.org"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2022-28803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://silverstripe.org"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2022-28803"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-13 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | 3.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8192BAA8-2CE3-4EDE-B4DF-5BECD3C07DDC",
"versionEndIncluding": "3.1.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4AE05A-5677-4789-B4F7-F5316D371B40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS \u0026 Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en SilverStripe CMS \u0026 Framework en versiones anteriores a 3.1.16 y 3.2.x en versiones anteriores a 3.2.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro (1) Locale o (2) FailedLogenCount en admen/security/EditForm/field/Members/item/new/ItemEditForm."
}
],
"id": "CVE-2015-8606",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-13T15:59:09.743",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Dec/55"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/12/17/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/12/17/11"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/12/18/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.silverstripe.org/download/security-releases/ss-2015-026"
},
{
"source": "cve@mitre.org",
"url": "https://cybersecurityworks.com/zerodays/cve-2015-8606-silverstripe.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Dec/55"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/12/17/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/12/17/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/12/18/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.silverstripe.org/download/security-releases/ss-2015-026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cybersecurityworks.com/zerodays/cve-2015-8606-silverstripe.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-17 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via "missing URL actions."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 | |
| silverstripe | silverstripe | 2.3.6 | |
| silverstripe | silverstripe | 2.3.7 | |
| silverstripe | silverstripe | 2.3.8 | |
| silverstripe | silverstripe | 2.3.9 | |
| silverstripe | silverstripe | 2.4.0 | |
| silverstripe | silverstripe | 2.4.1 | |
| silverstripe | silverstripe | 2.4.2 | |
| silverstripe | silverstripe | 2.4.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "706247B5-ACA3-4863-BDBC-B42EA95E1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87690027-1CF7-477E-91FE-87E6F77B2988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9731FCBA-AA01-4510-87B1-E547AD28D09D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE10366-8242-49B1-9F4F-E79304424A27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE198516-3D97-4804-84CF-8F9AAC60E795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "534AD362-1460-4784-97C8-3AA5DD830F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA54E0DE-33DC-445D-8154-4DC580BA8812",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via \"missing URL actions.\""
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en el m\u00e9todo httpError en spphire/core/control/RequestHandler.php en SilverStripe v2.3.x antes de v2.3.10 y v2.4.x antes de v2.4.4, cuando el control de errores personalizado no se utiliza, permite inyectar secuencias de comandos web o HTML a atacantes remotos a trav\u00e9s de \"acciones con URL que faltan\".\r\n"
}
],
"id": "CVE-2010-4823",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-17T17:55:02.517",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://open.silverstripe.org/changeset/114444"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42346"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/69886"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/45367"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://open.silverstripe.org/changeset/114444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/69886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63988"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-15 21:15
Modified
2024-11-21 05:35
Severity ?
Summary
SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited (e.g., through pagination), resulting in records that should have failed a permission check being added to the final result set. GraphQL endpoints are configured by default (e.g., for assets), but the admin/graphql endpoint is access protected by default. This limits the vulnerability to all authenticated users, including those with limited permissions (e.g., where viewing records exposed through admin/graphql requires administrator permissions). However, if custom GraphQL endpoints have been configured for a specific implementation (usually under /graphql), this vulnerability could also be exploited through unauthenticated requests. This vulnerability only applies to reading records; it does not allow unauthorised changing of records.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00765C15-DFBF-4E37-8006-462AD46BD610",
"versionEndExcluding": "3.2.4",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "951F1891-55FB-42FE-9AD3-C5FE30509021",
"versionEndExcluding": "3.3.0",
"versionStartIncluding": "3.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60B3D26E-3B53-48B4-9ACB-F2D816F13EA6",
"versionEndExcluding": "4.5.3",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited (e.g., through pagination), resulting in records that should have failed a permission check being added to the final result set. GraphQL endpoints are configured by default (e.g., for assets), but the admin/graphql endpoint is access protected by default. This limits the vulnerability to all authenticated users, including those with limited permissions (e.g., where viewing records exposed through admin/graphql requires administrator permissions). However, if custom GraphQL endpoints have been configured for a specific implementation (usually under /graphql), this vulnerability could also be exploited through unauthenticated requests. This vulnerability only applies to reading records; it does not allow unauthorised changing of records."
},
{
"lang": "es",
"value": "SilverStripe versi\u00f3n 4.5.0, permite a atacantes leer determinados registros que no deber\u00edan haberse colocado en un conjunto de resultados. Esto afecta a silverstripe/recipe-cms. El mecanismo autom\u00e1tico de comprobaci\u00f3n de permisos en el m\u00f3dulo silverstripe/graphql no proporciona protecci\u00f3n completa contra listas limitadas (por ejemplo, por medio de la paginaci\u00f3n), lo que resulta en registros que deber\u00edan haber fallado en una comprobaci\u00f3n de permisos que se agrega al conjunto de resultados final. Los endpoints de GraphQL est\u00e1n configurados por defecto (por ejemplo, para activos), pero el endpoint admin/graphql est\u00e1 protegido de acceso por defecto. Esto limita la vulnerabilidad a todos los usuarios autenticados, incluidos aquellos con permisos limitados (por ejemplo, cuando se visualiza registros expuestos por medio de admin/graphql requiere permisos de administrador). Sin embargo, si los endpoints personalizados de GraphQL han sido configurados para una implementaci\u00f3n espec\u00edfica (generalmente bajo /graphql), esta vulnerabilidad tambi\u00e9n podr\u00eda ser explotada por medio de peticiones no autenticadas. Esta vulnerabilidad solo se aplica a la lectura de registros; No permite el cambio no autorizado de registros"
}
],
"id": "CVE-2020-6165",
"lastModified": "2024-11-21T05:35:13.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-15T21:15:13.583",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-6165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2020-6165"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-17 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.4.0 | |
| silverstripe | silverstripe | 2.4.1 | |
| silverstripe | silverstripe | 2.4.2 | |
| silverstripe | silverstripe | 2.4.3 | |
| silverstripe | silverstripe | 2.4.4 | |
| silverstripe | silverstripe | 2.4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE198516-3D97-4804-84CF-8F9AAC60E795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "534AD362-1460-4784-97C8-3AA5DD830F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA54E0DE-33DC-445D-8154-4DC580BA8812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5049C8FF-A147-49AE-AF1B-D6F26BFE2B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5FCD3B4E-6E0F-413B-8DDD-CB259C0EE40E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized."
},
{
"lang": "es",
"value": "code/sitefeatures/PageCommentInterface.php en SilverStripe v2.4.x antes de v2.4.6 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cookie hecha a mano en el env\u00edo de comentarios de usuario, que no son correctamente gestionados cuando se deserializa.\r\n"
}
],
"id": "CVE-2011-4962",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-17T17:55:02.987",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/silverstripe/silverstripe-cms/commit/d15e850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/silverstripe/silverstripe-cms/commit/d15e850"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-08 18:15
Modified
2024-11-21 05:19
Severity ?
Summary
In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/blog/tag/release | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/cve-2020-26138 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/blog/tag/release | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/cve-2020-26138 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | 4.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B53FA0A8-2DF2-4918-8ABB-B3DA0C81537F",
"versionEndExcluding": "4.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:4.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CD381280-D40A-4645-8618-B5F753FE59D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation."
},
{
"lang": "es",
"value": "En SilverStripe versiones hasta 4.6.0-rc1, un FormField con corchetes en el nombre del campo omite la comprobaci\u00f3n"
}
],
"id": "CVE-2020-26138",
"lastModified": "2024-11-21T05:19:19.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-08T18:15:07.947",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-17 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.4.0 | |
| silverstripe | silverstripe | 2.4.1 | |
| silverstripe | silverstripe | 2.4.2 | |
| silverstripe | silverstripe | 2.4.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE198516-3D97-4804-84CF-8F9AAC60E795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "534AD362-1460-4784-97C8-3AA5DD830F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA54E0DE-33DC-445D-8154-4DC580BA8812",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in \"live mode,\" allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters."
},
{
"lang": "es",
"value": "core/model/MySQLDatabase.php en SilverStripe 2.4.x anterior a v2.4.4, cuando el sitio se ejecuta en \"live mode\", permite a atacantes remotos obtener los comandos SQL de una p\u00e1gina a trav\u00e9s de los par\u00e1metros showqueries y ajax."
}
],
"id": "CVE-2010-4822",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-17T17:55:02.423",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://open.silverstripe.org/changeset/114783"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42346"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/69885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://open.silverstripe.org/changeset/114783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/01/03/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/69885"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-08 18:15
Modified
2024-11-21 05:18
Severity ?
Summary
SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. (The correct CVE ID year is 2020 [CVE-2020-25817, not CVE-2021-25817]).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/blog/tag/release | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/cve-2020-25817 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.silverstripe.org/c/releases | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/blog/tag/release | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/cve-2020-25817 | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | 4.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B53FA0A8-2DF2-4918-8ABB-B3DA0C81537F",
"versionEndExcluding": "4.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:4.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CD381280-D40A-4645-8618-B5F753FE59D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. (The correct CVE ID year is 2020 [CVE-2020-25817, not CVE-2021-25817])."
},
{
"lang": "es",
"value": "SilverStripe versiones hasta 4.6.0-rc1, presenta una vulnerabilidad de tipo XXE en CSSContentParser. Una utilidad para desarrolladores destinada a analizar HTML dentro de las pruebas unitarias puede ser vulnerable a ataques de tipo XML External Entity (XXE). Cuando esta utilidad para desarrolladores es usada de forma indebida para fines que implican datos externos o enviados por el usuario en el c\u00f3digo de proyectos personalizados, puede conllevar a vulnerabilidades de tipo XSS en la salida de HTML renderizada mediante este c\u00f3digo personalizado. Esto es mitigado ahora al desactivar las entidades externas durante el an\u00e1lisis sint\u00e1ctico. (El a\u00f1o correcto del CVE ID es 2020 [CVE-2020-25817, no CVE-2021-25817])"
}
],
"id": "CVE-2020-25817",
"lastModified": "2024-11-21T05:18:50.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-08T18:15:07.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-25817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2020-25817"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-13 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 3.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "80B4D143-794B-4155-A654-B621A3180917",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim."
},
{
"lang": "es",
"value": "security/MemberLoginForm.php en SilverStripe 3.0.3 ofrece soporte al inicio de sesi\u00f3n mediante el uso de una petici\u00f3n GET, lo que hace m\u00e1s sencillo para atacantes remotos llevar a cabo ataques de phishing sin detecci\u00f3n por parte de la v\u00edctima."
}
],
"id": "CVE-2013-2653",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-11-13T00:55:02.887",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/bugtraq/2013/Aug/12"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/bugtraq/2013/Aug/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-07 14:15
Modified
2024-11-21 06:13
Severity ?
Summary
SilverStripe Framework through 4.8.1 allows XSS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/silverstripe/silverstripe-framework/releases | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://www.silverstripe.org/download/security-releases/CVE-2021-36150 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/silverstripe/silverstripe-framework/releases | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.silverstripe.org/download/security-releases/CVE-2021-36150 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "402A9171-4E2F-41A7-A341-309C04823E05",
"versionEndExcluding": "1.8.1",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C4EC4A-28E0-4BFB-8E41-74EC9C7823E4",
"versionEndIncluding": "4.8.1",
"versionStartExcluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SilverStripe Framework through 4.8.1 allows XSS."
},
{
"lang": "es",
"value": "SilverStripe Framework versiones hasta 4.8.1, permite un ataque de tipo XSS"
}
],
"id": "CVE-2021-36150",
"lastModified": "2024-11-21T06:13:12.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-07T14:15:08.160",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-framework/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2021-36150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-framework/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2021-36150"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-12 15:29
Modified
2025-04-20 01:37
Severity ?
Summary
Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | * | |
| silverstripe | silverstripe | 3.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9553463E-D9EB-406E-A8A3-D2A6FA62AE5F",
"versionEndIncluding": "3.5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5CDF0C5-0B31-4870-BD3E-53992DCBE311",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks."
},
{
"lang": "es",
"value": "Discrepancia de respuestas en los formularios de reinicio de contrase\u00f1a y login en SilverStripe CMS en versiones anteriores a la 3.5.5 y versiones 3.6.x anteriores a la 3.6.1 permite que atacantes remotos enumeren usuarios mediante ataques de sincronizaci\u00f3n."
}
],
"id": "CVE-2017-12849",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-12T15:29:00.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/ss-2017-005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.silverstripe.org/download/security-releases/ss-2017-005"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-26 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.0 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.1 | |
| silverstripe | silverstripe | 2.3.2 | |
| silverstripe | silverstripe | 2.3.3 | |
| silverstripe | silverstripe | 2.3.4 | |
| silverstripe | silverstripe | 2.3.5 | |
| silverstripe | silverstripe | 2.3.6 | |
| silverstripe | silverstripe | 2.3.7 | |
| silverstripe | silverstripe | 2.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24734325-97DA-4B2C-B192-3F4B83CCF0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D875C510-39F2-4726-9DBD-3D95A5CB3D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "BE8C544D-E233-488D-B768-8C077BB79338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "26E1807F-7DEB-4519-95B9-4FA647C7D477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "609BEA7D-81F2-4DFE-AB2A-157A6B7DE348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FAB67F4E-0E56-4597-BD9B-90D07685D7F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AA541F02-F78A-4E43-8212-690810311187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7856E216-D7B7-48A5-9D20-9F1973DA005D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4FF5F5-6565-4EA1-8099-2C4C964DA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0AD691-1BA2-4D8B-935C-B2C7A31BD5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2AD30632-B31E-4425-827E-205351ABECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "706247B5-ACA3-4863-BDBC-B42EA95E1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87690027-1CF7-477E-91FE-87E6F77B2988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BCB4DE-0432-4378-8A31-81208794EBD7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file."
},
{
"lang": "es",
"value": "La funci\u00f3n setName en filesystem/File.php in SilverStripe v2.3.x anterior a v2.3.8 y v2.4.x anterior a v2.4.1 permite a usuarios remotos autenticados con privilegios de autor del CMS ejecutar c\u00f3digo PHP arbitrario cambiando la extensi\u00f3n de un fichero subido."
}
],
"id": "CVE-2010-5091",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-26T18:55:01.310",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8"
},
{
"source": "secalert@redhat.com",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.org/changeset/107273"
},
{
"source": "secalert@redhat.com",
"url": "http://open.silverstripe.org/ticket/5693"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://dl.packetstormsecurity.net/1006-exploits/silverstripe-shell.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.3.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs//2.4.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://open.silverstripe.org/changeset/107273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://open.silverstripe.org/ticket/5693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/01/3"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}