296,147
Total vulnerabilities in the database
The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HTTP referer leakage."
| Software | From | Fixed in |
|---|---|---|
| silverstripe / silverstripe | 2.3.4 | 2.3.4.x |
| silverstripe / silverstripe | 2.3.0-rc2 | 2.3.0-rc2.x |
| silverstripe / silverstripe | 2.3.7 | 2.3.7.x |
| silverstripe / silverstripe | 2.3.1-rc2 | 2.3.1-rc2.x |
| silverstripe / silverstripe | 2.3.0-rc3 | 2.3.0-rc3.x |
| silverstripe / silverstripe | 2.3.3 | 2.3.3.x |
| silverstripe / silverstripe | 2.4.1 | 2.4.1.x |
| silverstripe / silverstripe | 2.3.8 | 2.3.8.x |
| silverstripe / silverstripe | 2.3.1 | 2.3.1.x |
| silverstripe / silverstripe | 2.4.0 | 2.4.0.x |
| silverstripe / silverstripe | 2.4.2 | 2.4.2.x |
| silverstripe / silverstripe | 2.3.1-rc1 | 2.3.1-rc1.x |
| silverstripe / silverstripe | 2.3.5 | 2.3.5.x |
| silverstripe / silverstripe | 2.3.9 | 2.3.9.x |
| silverstripe / silverstripe | 2.4.3 | 2.4.3.x |
| silverstripe / silverstripe | 2.3.6 | 2.3.6.x |
| silverstripe / silverstripe | 2.3.0 | 2.3.0.x |
| silverstripe / silverstripe | 2.3.2 | 2.3.2.x |
| silverstripe / silverstripe | 2.3.0-rc1 | 2.3.0-rc1.x |