| Title | Severity | Exploit | Date | Affected Version |
|---|---|---|---|---|
| silverstripe/framework SQL injection in full text search | High | | May 27, 2024 | >= 3.5.0-rc1 < 3.5.6, >= 3.6.0-rc1 < 3.6.3, >= 4.0.0-rc1 < 4.0.1 |
| silverstripe/framework users inadvertently passing sensitive data to LoginAttempt | Medium | | May 27, 2024 | >= 3.5.0-rc1 < 3.5.6, >= 3.6.0-rc1 < 3.6.3, >= 4.0.0-rc1 < 4.0.1 |
| silverstripe/framework CSV Excel Macro Injection | High | | May 27, 2024 | >= 3.5.0-rc1 < 3.5.6, >= 3.6.0-rc1 < 3.6.3, >= 4.0.0-rc1 < 4.0.1 |
| silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms | High | | May 27, 2024 | >= 3.5.0-rc1 < 3.5.5, >= 3.6.0-rc1 < 3.6.2 |
| silverstripe/framework's User-Agent header not correctly invalidating user session | High | | May 27, 2024 | >= 3.5.0-rc1 < 3.5.6, >= 3.6.0-rc1 < 3.6.3 |
| silverstripe/framework has Cross-site Scripting vulnerability in page history comparison | Medium | | May 27, 2024 | >= 3.4.0-rc1 < 3.4.6, >= 3.5.0-rc1 < 3.5.4 |
| silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage | Medium | | May 27, 2024 | >= 3.4.0-rc1 < 3.4.6, >= 3.5.0-rc1 < 3.5.4 |
| silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL | Medium | | May 27, 2024 | >= 3.1.0-rc1 < 3.1.21, >= 3.2.0-rc1 < 3.2.6, >= 3.3.0-rc1 < 3.3.4, >= 3.4.0-rc1 < 3.4.2 |
| silverstripe/framework has Cross-site Scripting vulnerability in page name | Medium | | May 27, 2024 | >= 3.4.0-rc1 < 3.4.4, >= 3.5.0-rc1 < 3.5.2 |
| silverstripe/framework member disclosure in login form | Medium | | May 27, 2024 | >= 3.4.0-rc1 < 3.4.6, >= 3.5.0-rc1 < 3.5.4 |