Silverstripe Framework
15 CVEs affecting Silverstripe Framework. Latest disclosed: 2025-04-10. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-38148 | High | 8.8 | 2022-11-21 | Silverstripe silverstripe/framework through 4.11 allows SQL Injection. |
| CVE-2022-38462 | Medium | 6.1 | 2022-11-22 | Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. |
| CVE-2025-30148 | Medium | 5.4 | 2025-04-10 | Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, a bad actor with access to edit content in the CMS could send a spe… |
| CVE-2024-53277 | Medium | 5.4 | 2025-01-14 | Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional featu… |
| CVE-2024-32981 | Medium | 5.4 | 2024-07-17 | Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS… |
| CVE-2023-22729 | Medium | 5.4 | 2023-04-26 | Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can… |
| CVE-2022-38147 | Medium | 5.4 | 2022-11-23 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). |
| CVE-2022-38145 | Medium | 5.4 | 2022-11-23 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a JavaScript payload to a page's meta description and ge… |
| CVE-2022-37430 | Medium | 5.4 | 2022-11-23 | Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). |
| CVE-2022-37429 | Medium | 5.4 | 2022-11-23 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL… |
| CVE-2022-38724 | Medium | 5.4 | 2022-11-23 | Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. |
| CVE-2022-38146 | Medium | 5.4 | 2022-11-21 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). |
| CVE-2022-25238 | Medium | 5.4 | 2022-06-28 | Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS u… |
| CVE-2023-48714 | Medium | 4.3 | 2024-01-23 | Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user shou… |
| CVE-2023-22728 | Medium | 4.3 | 2023-04-26 | Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField p… |