| Title |
Severity |
Exploit |
Date |
Affected Version |
|
Silverstripe XSS in CMS Edit Page
|
Medium
|
|
May 23, 2024
|
>= 3.1.18 < 3.1.19
>= 3.2.3 < 3.2.4
>= 3.3.1 < 3.3.2
|
|
Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers
|
Medium
|
|
May 23, 2024
|
< 3.1.17
>= 3.2.0 < 3.2.2
>= 3.3.0-beta1 < 3.3.0
|
|
Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter
|
Medium
|
|
May 23, 2024
|
< 3.1.17
>= 3.2.0 < 3.2.2
>= 3.3.0-beta1 < 3.3.0
|
|
Silverstripe Missing security check on dev/build/defaults
|
Medium
|
|
May 23, 2024
|
< 3.1.17
>= 3.2.0 < 3.2.2
>= 3.3.0-beta1 < 3.3.0
|
|
Silverstripe HtmlEditor embed url sanitisation
|
Medium
|
|
May 23, 2024
|
>= 3.0.0 < 3.2.1
|
|
Silverstripe Form field validation message XSS vulnerability
|
Medium
|
|
May 23, 2024
|
>= 3.0.0 < 3.1.16
>= 3.2.0 < 3.2.1
|
|
Silverstripe framework is vulnerable to XSS in install.php
|
Medium
|
|
May 23, 2024
|
>= 3.1.0 < 3.1.14
|
|
SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation
|
Medium
|
|
May 23, 2024
|
>= 3.0.0 < 3.0.14
>= 3.1.0 < 3.1.13
|
|
Silverstripe XSS in dev/build returnURL Parameter
|
Medium
|
|
May 23, 2024
|
< 3.1.14
|
|
Silverstripe External redirection risk in Security?ReturnURL
|
Medium
|
|
May 23, 2024
|
< 3.0.14
>= 3.1.0 < 3.1.13
|
silverstripe / framework