Silverstripe Admin vulnerabilities
4 known vulnerabilities affecting silverstripe/admin.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
MEDIUM: 4
Vulnerabilities
CVE-2023-49783 | MEDIUM | CVSS 4.3 | ≥ 1.0.0, < 1.13.19; ≥ 2.0.0, < 2.1.8 | 2024-01-23
CVE-2023-49783 [MEDIUM] CWE-863
Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a `ModelAdmin` can still edit or delete records using the CSV import form, provided they have create permi
ghsa, nvd, osv
CVE-2022-38146 | MEDIUM | ≥ 1.0.0, < 1.11.3 | 2022-11-21
CVE-2022-38146 [MEDIUM] CWE-79 URL XSS vulnerability due to outdated jQuery in CMS
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).
ghsa, osv
CVE-2019-12205 | MEDIUM | ≥ 0, < 1.3.5 | 2022-05-24
CVE-2019-12205 [MEDIUM] CWE-79 Silverstripe Flash Clipboard Reflected XSS
SilverStripe versions 3.0.0 until 4.3.5 and 4.4.4 are vulnerable to Flash Clipboard Reflected XSS. Versions 4.3.5 and 4.4.4 of `silverstripe/framework` and version 1.3.5 of `silverstripe/admin` contain a fix for this issue.
ghsa, osv
CVE-2021-36150 | MEDIUM | ≥ 1.0.0, < 1.8.1 | 2021-10-12
CVE-2021-36150 [MEDIUM] CWE-79 Cross-site Scripting in SilverStripe Framework
SilverStripe Framework through 4.8.1 allows XSS.
ghsa, osv