Silverstripe Silverstripe-Framework vulnerabilities

6 known vulnerabilities affecting silverstripe/silverstripe-framework.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 6

Vulnerabilities

CVE-2025-30148 | MEDIUM | CVSS 5.4 | fixed in 5.3.23 | 2025-04-10
CWE-79. Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, a bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitized on the client-side, but server-s
Source: nvd
CVE-2024-53277 | MEDIUM | CVSS 5.4 | fixed in 5.3.8 | 2025-01-14
CWE-79. Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't
Source: nvd
CVE-2024-32981 | MEDIUM | CVSS 5.4 | fixed in 5.2.16 | 2024-07-17
CWE-79. Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the clien
Source: nvd
CVE-2023-48714 | MEDIUM | CVSS 4.3 | fixed in 4.13.39 | versions >= 5.0.0, < 5.1.11 | 2024-01-23
CWE-200. Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions
Source: nvd
CVE-2023-22728 | MEDIUM | CVSS 4.3 | fixed in 4.12.5 | 2023-04-26
CWE-862. Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Fram
Source: nvd
CVE-2023-22729 | MEDIUM | CVSS 6.1 | fixed in 4.12.5 | 2023-04-26
CWE-601. Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15
Source: nvd