The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2023-47325 | Silverpeas Core 6.3.1 administrative Bin feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces. | -- | Dec 13, 2023 |
CVE-2023-47326 | Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. | -- | Dec 13, 2023 |
CVE-2023-47324 | Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature. | -- | Dec 13, 2023 |
CVE-2023-47321 | Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the Portlet Deployer which allows administrators to deploy .WAR portlets. | -- | Dec 13, 2023 |
CVE-2023-47320 | Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in Maintenance Mode due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below. | -- | Dec 13, 2023 |
CVE-2008-6175 | SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of service (application crash) via a crafted argument to the opendir SFTP command. | Medium | Feb 20, 2009 |
CVE-2010-5087 | SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators via vectors related to form action requests using a controller. | Medium | Aug 27, 2012 |
CVE-2010-5078 | SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripe_version or (2) cms/silverstripe_version. | Medium | Sep 18, 2012 |
CVE-2010-5079 | SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) forgot password functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors. | Medium | Sep 18, 2012 |
CVE-2011-4961 | SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote authenticated users with the EDIT_PERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected groups. | Medium | Oct 15, 2012 |
CVE-2010-5188 | SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain sensitive information via the (1) debug_memory parameter to core/control/Director.php or (2) debug_profile parameter to main.php. | Medium | Aug 27, 2012 |
CVE-2010-5187 | SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the installation path in an error message. | Medium | Aug 27, 2012 |
CVE-2020-6165 | SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited (e.g., through pagination), resulting in records that should have failed a permission check being added to the final result set. GraphQL endpoints are configured by default (e.g., for assets), but the admin/graphql endpoint is access protected by default. This limits the vulnerability to all authenticated users, including those with limited permissions (e.g., where viewing records exposed through admin/graphql requires administrator permissions). However, if custom GraphQL endpoints have been configured for a specific implementation (usually under /graphql), this vulnerability could also be exploited through unauthenticated requests. This vulnerability only applies to reading records; it does not allow unauthorised changing of records. | MEDIUM | Jul 16, 2020 |
CVE-2023-49783 | Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a `ModelAdmin` can still edit or delete records using the CSV import form, provided they have create permissions. The likelihood of a user having create permissions but not having edit or delete permissions is low, but it is possible. Note that this doesn't affect any `ModelAdmin` which has had the import form disabled via the `showImportForm` public property. Versions 1.13.19 and 2.1.8 contain a patch for the issue. Those who have a custom implementation of `BulkLoader` should update their implementations to respect permissions when the return value of `getCheckPermissions()` is true. Those who use any `BulkLoader` in their own project logic, or maintain a module which uses it, should consider passing `true` to `setCheckPermissions()` if the data is provided by users. | -- | Jan 23, 2024 |
CVE-2010-5090 | SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security. | Medium | Aug 27, 2012 |
CVE-2010-5089 | SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information. | Medium | Aug 27, 2012 |
CVE-2017-14498 | SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017. | Medium | Sep 20, 2017 |
CVE-2019-19326 | Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return unexpected responses to other consumers of this cached response. Most other headers associated with web cache poisoning are already disabled through request hostname forgery whitelists. | MEDIUM | Jul 15, 2020 |
CVE-2020-9309 | Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Uploads stored as protected or draft files are allowed by default for authorised users only, but can also be enabled through custom logic as well as modules such as silverstripe/userforms. Sites using the previously optional silverstripe/mimevalidator module can configure MIME whitelists rather than extension whitelists, and hence prevent this issue. Sites on the Common Web Platform (CWP) use this module by default, and are not affected. | MEDIUM | Jul 16, 2020 |
CVE-2023-28851 | Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a Cross-Site Scripting attack. The vulnerability was initially patched in version 1.0.2, and version 1.1.0 includes this patch. The bug was then accidentally re-introduced during a merge error, and has been re-patched in versions 2.2.5 and 3.1.1. There are no known workarounds for this vulnerability. | -- | Apr 3, 2023 |
CVE-2023-48714 | Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue. | -- | Jan 23, 2024 |
CVE-2023-22729 | Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. | -- | May 4, 2023 |
CVE-2023-22728 | Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. | -- | May 4, 2023 |
CVE-2021-36150 | SilverStripe Framework through 4.8.1 allows XSS. | MEDIUM | Oct 7, 2021 |
CVE-2022-29858 | Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. | MEDIUM | Jun 29, 2022 |
CVE-2022-37421 | Silverstripe silverstripe/cms through 4.11.0 allows XSS. | -- | Nov 23, 2022 |
CVE-2021-41559 | Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. | MEDIUM | Jun 29, 2022 |
CVE-2022-24444 | Silverstripe silverstripe/framework through 4.10 allows Session Fixation. | MEDIUM | Jun 29, 2022 |
CVE-2022-25238 | Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed or the sanitise_server_side config is not set to true in project code. | LOW | Jun 29, 2022 |
CVE-2022-38148 | Silverstripe silverstripe/framework through 4.11 allows SQL Injection. | -- | Nov 22, 2022 |
CVE-2022-37429 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. | -- | Nov 23, 2022 |
CVE-2022-38145 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view. | -- | Nov 23, 2022 |
CVE-2022-38146 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). | -- | Nov 22, 2022 |
CVE-2022-38147 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). | -- | Nov 23, 2022 |
CVE-2022-37430 | Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). | -- | Nov 23, 2022 |
CVE-2022-38462 | Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. | -- | Nov 23, 2022 |
CVE-2022-38724 | Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. | -- | Nov 23, 2022 |
CVE-2022-42949 | Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions. | -- | Dec 21, 2022 |
CVE-2019-12246 | SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools. | MEDIUM | Feb 20, 2020 |
CVE-2019-12203 | SilverStripe through 4.3.3 allows session fixation in the "change password" form. | LOW | Sep 27, 2019 |
CVE-2019-12205 | SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS. | MEDIUM | Sep 26, 2019 |
CVE-2019-12245 | SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension. | MEDIUM | Sep 27, 2019 |
CVE-2019-19325 | SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input. | MEDIUM | Feb 20, 2020 |
CVE-2020-25817 | SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. (The correct CVE ID year is 2020 [CVE-2020-25817, not CVE-2021-25817]). | LOW | Jun 8, 2021 |
CVE-2020-25102 | silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. This affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item (aka report preview) when an SVG document is provided in the Description parameter. | MEDIUM | Sep 3, 2020 |
CVE-2022-29254 | silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. The following versions have been patched to fix this issue: `2.5.2`, `3.0.2`, `3.1.4`, and `3.2.1`. There are no known workarounds for this vulnerability. | MEDIUM | Jun 9, 2022 |
CVE-2023-40179 | Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the Enter the code form if the email is associated with a member of the site. Since version 1.3.6, the Enter the code form is always returned, showing the message If the entered email is associated with an account, a code will be sent now. This change prevents potential violators from determining if our site has a user with the specified email. | -- | Aug 25, 2023 |
CVE-2023-40182 | Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending on whether the specified email address is present in our database or not. This has been fixed in version 1.3.7. | -- | Aug 25, 2023 |
CVE-2022-23543 | Silverware Games is a social network where people can play games online. Users can attach URLs to YouTube videos, the site will generate related `<iframe>` when the post will be published. The handler has some sort of protection so non-YouTube links can't be posted, as well as HTML tags are being stripped. However, it was still possible to add custom HTML attributes (e.g. `onclick=alert(xss)`) to the `<iframe>`. This issue was fixed in the version `1.1.34` and does not require any extra actions from our members. There has been no evidence that this vulnerability was used by anyone at this time. | -- | Dec 20, 2022 |
CVE-2022-36072 | SilverwareGames.io is a social network for users to play video games online. In version 1.1.8 and prior, due to an unobvious feature of PHP, hashes generated by built-in functions and starting with the `0e` symbols were being handled as zero multiplied with the `e` number. Therefore, the hash value was equal to 0. The maintainers fixed this in version 1.1.9 by using `===` instead of `==` in comparisons where it is possible (e.g. on sign in/sign up handlers). | -- | Sep 12, 2022 |