Silverstripe Framework

15 CVEs affecting Silverstripe Framework. Latest disclosed: 2025-04-10. Critical: 0, High: 1.

Top CVEs affecting Silverstripe Framework
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-38148 | High | 8.8 | 2022-11-21 | Silverstripe silverstripe/framework through 4.11 allows SQL Injection. |
| CVE-2022-38462 | Medium | 6.1 | 2022-11-22 | Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. |
| CVE-2025-30148 | Medium | 5.4 | 2025-04-10 | Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, a bad actor with access to edit content in the CMS could send a spe… |
| CVE-2024-53277 | Medium | 5.4 | 2025-01-14 | Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional featu… |
| CVE-2024-32981 | Medium | 5.4 | 2024-07-17 | Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS… |
| CVE-2023-22729 | Medium | 5.4 | 2023-04-26 | Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can… |
| CVE-2022-38147 | Medium | 5.4 | 2022-11-23 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). |
| CVE-2022-38145 | Medium | 5.4 | 2022-11-23 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and ge… |
| CVE-2022-37430 | Medium | 5.4 | 2022-11-23 | Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). |
| CVE-2022-37429 | Medium | 5.4 | 2022-11-23 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL… |
| CVE-2022-38724 | Medium | 5.4 | 2022-11-23 | Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. |
| CVE-2022-38146 | Medium | 5.4 | 2022-11-21 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). |
| CVE-2022-25238 | Medium | 5.4 | 2022-06-28 | Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS u… |
| CVE-2023-48714 | Medium | 4.3 | 2024-01-23 | Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user shou… |
| CVE-2023-22728 | Medium | 4.3 | 2023-04-26 | Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField p… |