silverstripe/framework

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in S…

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3)…

vulnerable: 2.4.10 ... 3.1.9-rc1 (61 versions)

Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.

vulnerable: 4.0.0, 4.0.1-rc1

In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (incl…

vulnerable: 4.0.0 ... 4.3.4 (30 versions)

SilverStripe through 4.3.3 allows session fixation in the "change password" form.

vulnerable: 4.1.0 ... 4.3.4 (19 versions)

In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.

vulnerable: 4.4.0, 4.4.0-rc1, 4.4.1, 4.4.2, 4.4.3

SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS.

vulnerable: 4.4.0, 4.4.1, 4.4.2, 4.4.3

SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.

vulnerable: 2.4.10 ... 3.5.8-rc1 (148 versions)

SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools.

vulnerable: 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4

In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution.

vulnerable: 4.4.0, 4.4.1, 4.4.2, 4.4.3

In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.

vulnerable: 4.4.0, 4.4.1, 4.4.2, 4.4.3

In SilverStripe assets 4.0, there is broken access control on files.

vulnerable: 4.4.0, 4.4.1, 4.4.2, 4.4.3

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstri…

vulnerable: 4.0.0 ... 4.4.4 (37 versions)

SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which all…

vulnerable: 3.0.10 ... 3.7.4 (165 versions)

Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override heade…

vulnerable: 4.3.0

All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject.

vulnerable: 4.0.0 ... 4.7.3 (59 versions)

SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for pu…

vulnerable: 3.0.10 ... 4.7.3 (241 versions)

In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation.

vulnerable: 4.5.0, 4.5.1, 4.5.2, 4.5.3

In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific…

vulnerable: 4.0.0 ... 4.4.5 (38 versions)

In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional sil…

vulnerable: 3.0.10 ... 3.7.4 (165 versions)

In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.

vulnerable: 4.0.0 ... 4.9.4 (83 versions)

Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.

vulnerable: 4.0.0 ... 4.9.4 (83 versions)

Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig i…

vulnerable: 4.0.0 ... 4.9.4 (83 versions)

In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).

vulnerable: 4.0.0 ... 4.9.4 (103 versions)

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.

vulnerable: 4.0.0 ... 4.9.4 (103 versions)

Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2).

vulnerable: 4.11.0 ... 4.11.9 (14 versions)

Silverstripe silverstripe/framework through 4.11 allows SQL Injection.

vulnerable: 4.0.0 ... 4.9.4 (103 versions)

Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request.

vulnerable: 4.0.0 ... 4.9.4 (103 versions)

Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.

vulnerable: 2.4.10 ... 4.9.4 (302 versions)

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowi…

vulnerable: 2.4.10 ... 4.9.4 (302 versions)

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legit…

vulnerable: 5.0.0 ... 5.1.9 (37 versions)

Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` us…

vulnerable: 2.4.10 ... 5.2.9 (425 versions)

Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could add send a specifically crafted encoded payload to the server, which could…

vulnerable: 2.4.10 ... 5.3.7 (442 versions)

silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitize…