| Title | Severity | Exploit | Date | Affected Version |
| --- | --- | --- | --- | --- |
| silverstripe/framework vulnerable to Cross-site Scripting In `OptionsetField` and `CheckboxSetField` | Medium | | May 27, 2024 | >= 3.1.19-rc1 < 3.1.20; >= 3.2.4-rc1 < 3.2.5; >= 3.3.2-rc1 < 3.3.3; >= 3.4.0-rc1 < 3.4.1 |
| silverstripe/framework's `Member.Name` is not escaped | Medium | | May 27, 2024 | >= 3.1.9-rc1 < 3.1.20; >= 3.2.4-rc1 < 3.2.5; >= 3.3.2-rc1 < 3.3.3; >= 3.4.0-rc1 < 3.4.1 |
| silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled | Low | | May 27, 2024 | >= 3.1.19-rc1 < 3.1.20; >= 3.2.4-rc1 < 3.2.5; >= 3.3.2-rc1 < 3.3.3; >= 3.4.0-rc1 < 3.4.1 |
| silverstripe/framework missing ACL on reports | Medium | | May 27, 2024 | >= 3.1.19-rc1 < 3.1.20; >= 3.2.4-rc1 < 3.2.5; >= 3.3.2-rc1 < 3.3.3; >= 3.4.0-rc1 < 3.4.1 |
| silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()` | Medium | | May 27, 2024 | >= 3.1.19-rc1 < 3.1.20; >= 3.2.4-rc1 < 3.2.5; >= 3.3.2-rc1 < 3.3.3; >= 3.4.0-rc1 < 3.4.1 |
| silverstripe/framework password encryption salt not updated | Low | | May 27, 2024 | >= 3.1.19-rc1 < 3.1.20; >= 3.2.4-rc1 < 3.2.5; >= 3.3.2-rc1 < 3.3.3; >= 3.4.0-rc1 < 3.4.1 |
| silverstripe/framework ReadOnly transformation for formfields exploitable | Medium | | May 23, 2024 | < 3.1.21; >= 3.2.0 < 3.2.6; >= 3.3.0 < 3.3.4; >= 3.4.0 < 3.4.2 |
| Silverstripe Cross-site scripting vulnerability in VersionedRequestFilter | Medium | | May 23, 2024 | >= 3.3.2 < 3.3.3; >= 3.4.0 < 3.4.1 |
| Silverstripe Missing CSRF protection in login form | Medium | | May 23, 2024 | >= 3.1.18 < 3.1.19; >= 3.2.3 < 3.2.4; >= 3.3.1 < 3.3.2 |
| Silverstripe Brute force bypass on default admin | Critical | | May 23, 2024 | >= 3.1.18 < 3.1.19; >= 3.2.3 < 3.2.4; >= 3.3.1 < 3.3.2 |