pkg:Packagist/silverstripe/framework

38 CVEs in total: CRITICAL 2, HIGH 3, MEDIUM 28, LOW 1

All known vulnerabilities

  • CRITICAL 9.8 | CVE-2019-5715 | Silverstripe Framework SQLi Vulnerability
    >= 3.0.0, < 3.6.7
  • CRITICAL 9.8 | CVE-2019-12204 | Missing warning can lead to unauthenticated admin access in SilverStripe
    >= 4.1.0, < 4.3.5
  • HIGH 8.8 | CVE-2022-38148 | Blind SQL Injection via GridFieldSortableHeader
    >= 4.0.0, < 4.10.11
  • HIGH 7.5 | CVE-2020-6164 | Silverstripe CMS information disclosure
    >= 4.0.0, < 4.4.7
  • HIGH 7.5 | CVE-2020-9280 | SilverStripe Folders migrated from 3.x may be unsafe to upload to
    >= 4.0.0, < 4.4.6
  • MEDIUM 6.5 | CVE-2021-41559 | Quadratic blowup in Convert::xml2array()
    >= 4.0.0, < 4.10.9
  • MEDIUM 6.3 | CVE-2019-12203 | Session fixation in change password form
    >= 3.7.0, < 3.7.4
  • MEDIUM 6.1 | CVE-2023-22729 | Open redirect vulnerability on CMSSecurity relogin screen
    from 0, < 4.12.5
  • MEDIUM 6.1 | CVE-2022-38462 | Reflected XSS in querystring parameters
    >= 4.0.0, < 4.11.13
  • MEDIUM 6.1 | CVE-2019-12205 | Silverstripe Flash Clipboard Reflected XSS
    >= 3.0.0, < 4.3.5
  • MEDIUM 6.1 | CVE-2019-19325 | Reflected XSS in SilverStripe
    >= 4.5.0, < 4.5.2
  • MEDIUM 5.9 | CVE-2019-19326 | SilverStripe Web Cache Poisoning through HTTPRequestBuilder
    >= 4.0.0, < 4.4.7
  • MEDIUM 5.5 | CVE-2017-18049 | SilverStripe CSV Excel Macro Injection
    from 0, < 3.5.6
  • MEDIUM 5.4 | CVE-2025-30148 | Silverstripe Framework has a XSS vulnerability in HTML editor
    from 0, < 5.3.23
  • MEDIUM 5.4 | CVE-2024-53277 | Silverstripe Framework has a XSS in form messages
    from 0, < 5.3.8
  • MEDIUM 5.4 | CVE-2024-47605 | Silverstripe Framework has a XSS via insert media remote file oembed
    from 0, < 5.3.8
  • MEDIUM 5.4 | CVE-2024-32981 | Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload
    from 0, < 5.2.16
  • MEDIUM 5.4 | CVE-2022-37429 | Stored XSS using HTMLEditor
    >= 4.0.0, < 4.11.13
  • MEDIUM 5.4 | CVE-2022-37430 | Stored XSS using uppercase characters in HTMLEditor
    >= 4.0.0, < 4.11.13
  • MEDIUM 5.4 | CVE-2022-38724 | Silverstripe XSS in shortcodes
    >= 4.0.0, < 4.11.13
  • MEDIUM 5.4 | CVE-2022-25238 | Stored XSS via HTML fields in SilverStripe Framework
    >= 4.0.0, < 4.10.9
  • MEDIUM 5.4 | CVE-2022-28803 | Stored XSS in link tags added via XHR in SilverStripe Framework
    >= 4.0.0, < 4.10.9
  • MEDIUM 5.4 | CVE-2020-9311 | Silverstripe CMS XSS Vulnerability
    >= 3.0.0, < 3.7.5
  • MEDIUM 5.4 | CVE-2019-14272 | SilverStripe asset-admin Cross-site Scripting (XSS)
    >= 4.0.0, < 4.3.5
  • MEDIUM 5.3 | CVE-2020-26138 | FormField with square brackets in field name skips validation
    >= 3.0.0, < 4.7.4
  • MEDIUM 5.3 | CVE-2019-14273 | Broken access control on files
    >= 4.0.0, < 4.3.5
  • MEDIUM 5.3 | CVE-2019-12245 | Lack of access control on uploaded files
    from 0, < 3.6.8
  • MEDIUM 5.3 | CVE-2019-16409 | SilverStripe Versioned Files module Unpublished files are exposed publicly
    >= 4.0.0, < 4.3.5
  • MEDIUM 4.8 | CVE-2020-25817 | SilverStripe XXE Vulnerability in CSSContentParser
    >= 4.0.0, < 4.7.4
  • MEDIUM 4.3 | CVE-2023-48714 | Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
    from 0, < 4.13.39
  • MEDIUM 4.3 | CVE-2023-22728 | Missing permission check of canView in GridFieldPrintButton
    from 0, < 4.12.5
  • MEDIUM 4.3 | CVE-2019-12246 | SilverStripe Denial of Service on flush and development URL tools
    >= 4.0.0, < 4.4.0
  • MEDIUM 4.3 | CVE-2022-0227 | Business Logic Errors in SilverStripe Framework
    from 0, < 4.10.1
  • LOW 2.7 | CVE-2019-12617 | SilverStripe Privilege escalation through cache pollution
    >= 4.4.0, < 4.4.4
  • NONE 0.0 | CVE-2023-32302 | Silverstripe Framework: Members with no password can be created and bypass custom login forms
    >= 3.0.0, < 4.13.14
  • CVE-2012-4968 | Silverstripe XSS Vulnerabilities
    >= 2.3, < 2.3.13
  • CVE-2015-5062 | Silverstripe CMS Open Redirect
    from 0, <= 3.1.13
  • CVE-2010-1593 | SilverStripe vulnerable to Cross-site Scripting
    from 0, < 2.3.5