Vulnerability Database


Package: silverstripe/framework (Composer)

| Title | Severity | Exploit | Date | Affected Versions |
|---|---|---|---|---|
| silverstripe/framework vulnerable to Cross-site Scripting in `OptionsetField` and `CheckboxSetField` | Medium | | May 27, 2024 | >= 3.1.19-rc1 < 3.1.20; >= 3.2.4-rc1 < 3.2.5; >= 3.3.2-rc1 < 3.3.3; >= 3.4.0-rc1 < 3.4.1 |
| silverstripe/framework's `Member.Name` is not escaped | Medium | | May 27, 2024 | >= 3.1.9-rc1 < 3.1.20; >= 3.2.4-rc1 < 3.2.5; >= 3.3.2-rc1 < 3.3.3; >= 3.4.0-rc1 < 3.4.1 |
| silverstripe/framework's pre-existing `alc_enc` cookies log users in if "remember me" is disabled | Low | | May 27, 2024 | >= 3.1.19-rc1 < 3.1.20; >= 3.2.4-rc1 < 3.2.5; >= 3.3.2-rc1 < 3.3.3; >= 3.4.0-rc1 < 3.4.1 |
| silverstripe/framework missing ACL on reports | Medium | | May 27, 2024 | >= 3.1.19-rc1 < 3.1.20; >= 3.2.4-rc1 < 3.2.5; >= 3.3.2-rc1 < 3.3.3; >= 3.4.0-rc1 < 3.4.1 |
| silverstripe/framework `ChangePasswordForm` does not check `Member::canLogIn()` | Medium | | May 27, 2024 | >= 3.1.19-rc1 < 3.1.20; >= 3.2.4-rc1 < 3.2.5; >= 3.3.2-rc1 < 3.3.3; >= 3.4.0-rc1 < 3.4.1 |
| silverstripe/framework password encryption salt not updated | Low | | May 27, 2024 | >= 3.1.19-rc1 < 3.1.20; >= 3.2.4-rc1 < 3.2.5; >= 3.3.2-rc1 < 3.3.3; >= 3.4.0-rc1 < 3.4.1 |
| silverstripe/framework ReadOnly transformation for form fields exploitable | Medium | | May 23, 2024 | < 3.1.21; >= 3.2.0 < 3.2.6; >= 3.3.0 < 3.3.4; >= 3.4.0 < 3.4.2 |
| Silverstripe Cross-site scripting vulnerability in `VersionedRequestFilter` | Medium | | May 23, 2024 | >= 3.3.2 < 3.3.3; >= 3.4.0 < 3.4.1 |
| Silverstripe Missing CSRF protection in login form | Medium | | May 23, 2024 | >= 3.1.18 < 3.1.19; >= 3.2.3 < 3.2.4; >= 3.3.1 < 3.3.2 |
| Silverstripe Brute force bypass on default admin | Critical | | May 23, 2024 | >= 3.1.18 < 3.1.19; >= 3.2.3 < 3.2.4; >= 3.3.1 < 3.3.2 |