Silverstripe/framework
This hub aggregates every CVE we track for Silverstripe/framework, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 36
- Critical: 2
- High: 3
- In CISA KEV: 0
Severity distribution
- MEDIUM: 30
- HIGH: 3
- CRITICAL: 2
- LOW: 1
Monthly trend, 2024-07 to 2026-06: 1, 0, 0, 0, 0, 0, 2, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Silverstripe/framework.
- CVE-2025-30148: Silverstripe Framework has a XSS vulnerability in HTML editor (score 5.4)
- CVE-2024-53277: Cross-site Scripting in form messages in silverstripe framework (score 5.4)
- CVE-2024-47605: Cross-site Scripting via insert media remote file oembed in silverstripe-asset-admin (score 5.4)
- CVE-2024-32981: Cross-site Scripting vulnerability with encoded payload in silverstripe/framework (score 5.4)
- CVE-2023-48714: Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter (score 4.3)
- CVE-2023-22729: Silverstripe Framework has open redirect vulnerability on CMSSecurity relogin screen (score 5.4)
- CVE-2023-22728: Silverstripe Framework has missing permission check of canView in GridFieldPrintButton (score 4.3)
- CVE-2022-37430: Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). (score 5.4)
- CVE-2022-37429: Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. (score 5.4)
- CVE-2022-38724: Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. (score 5.4)
- CVE-2022-38462: Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. (score 6.1)
- CVE-2022-38148: Silverstripe silverstripe/framework through 4.11 allows SQL Injection. (score 8.8)
- CVE-2022-28803: In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR). (score 5.4)
- CVE-2022-25238: Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not inst... (score 5.4)
- CVE-2021-41559: Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. (score 6.5)
Product normalization is registry-driven with AI assist and human review.