Known Vulnerabilities for products from Silverstripe

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Silverstripe".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-24749 | | Not Provided | 2026-04-16 | 2026-04-16 |
| CVE-2023-49783 | | 4.3 - MEDIUM | 2024-01-23 | 2024-02-02 |
| CVE-2023-48714 | | 4.3 - MEDIUM | 2024-01-23 | 2024-02-02 |
| CVE-2023-44401 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.3 - MEDIUM | 2024-01-23 | 2024-01-30 |
| CVE-2023-40180 | silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursi... | 7.5 - HIGH | 2023-10-16 | 2023-10-23 |
| CVE-2023-32302 | ** REJECT ** Authoritative user requested CVE rejection https://github.com/github/advisory-database/pull/2575#issuecomment-1... | Not Provided | 2023-08-01 | 2023-11-07 |
| CVE-2023-28104 | `silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could us... | 7.5 - HIGH | 2023-03-16 | 2023-03-22 |
| CVE-2023-22729 | Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior t... | 6.1 - MEDIUM | 2023-04-26 | 2023-05-04 |
| CVE-2023-22728 | Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior t... | 4.3 - MEDIUM | 2023-04-26 | 2023-05-04 |
| CVE-2022-42949 | Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions. | 7.5 - HIGH | 2022-12-21 | 2023-01-03 |
| CVE-2022-38724 | Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through ... | 5.4 - MEDIUM | 2022-11-23 | 2022-11-28 |
| CVE-2022-38462 | Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /... | 6.1 - MEDIUM | 2022-11-22 | 2022-11-23 |
| CVE-2022-38148 | Silverstripe silverstripe/framework through 4.11 allows SQL Injection. | 8.8 - HIGH | 2022-11-21 | 2022-11-22 |
| CVE-2022-38147 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). | 5.4 - MEDIUM | 2022-11-23 | 2022-11-30 |
| CVE-2022-38146 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). | 5.4 - MEDIUM | 2022-11-21 | 2022-11-22 |
| CVE-2022-38145 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload t... | 5.4 - MEDIUM | 2022-11-23 | 2022-11-30 |
| CVE-2022-37430 | Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). | 5.4 - MEDIUM | 2022-11-23 | 2022-11-30 |
| CVE-2022-37429 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a ... | 5.4 - MEDIUM | 2022-11-23 | 2022-12-02 |
| CVE-2022-37421 | Silverstripe silverstripe/cms through 4.11.0 allows XSS. | 5.4 - MEDIUM | 2022-11-23 | 2022-11-30 |
| CVE-2022-29858 | Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be pub... | 4.3 - MEDIUM | 2022-06-28 | 2022-07-08 |

Known software with vulnerabilities from Silverstripe

| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Silverstripe | Mimevalidator | 1.0.0 |
| Application | Silverstripe | Recipe | 1.0.0 |
| Application | Silverstripe | Registry | 1.0.1 |
| Application | Silverstripe | Restfulserver | 1.0.1 |
| Application | Silverstripe | Silverstripe | 2.0.1 |