silverstripe

Top products

The 15 most recently published vulnerabilities affecting silverstripe.

• CVE-2026-24749Silverstripe Assets Module has a DBFile::getURL() permission bypass5.3Apr 16, 2026
• CVE-2025-30148Silverstripe Framework has a XSS vulnerability in HTML editor5.4Apr 10, 2025
• CVE-2025-25197Silverstripe Elemental enables XSS attacks in elemental "Content blocks in use" reports5.4Apr 10, 2025
• CVE-2024-53277Cross-site Scripting in form messages in silverstripe framework5.4Jan 14, 2025
• CVE-2024-47605Cross-site Scripting via insert media remote file oembed in silverstripe-asset-admin5.4Jan 14, 2025
• CVE-2024-32981Cross-site Scripting vulnerability with encoded payload in silverstripe/framework5.4Jul 17, 2024
• CVE-2024-29885Reports are still accessible even when `canView()` returns false in silverstripe/reports4.3Jul 17, 2024
• CVE-2023-49783No permission checks for editing/deleting records with CSV import form4.3Jan 23, 2024
• CVE-2023-48714Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter4.3Jan 23, 2024
• CVE-2023-44401Silverstripe GraqhQL's view permissions are bypassed for paginated lists of ORM data5.3Jan 23, 2024
• CVE-2023-40180Denial of service vulnerability in silverstripe-graphql via recursive queries7.5Oct 16, 2023
• CVE-2023-22729Silverstripe Framework has open redirect vulnerability on CMSSecurity relogin screen 5.4Apr 26, 2023
• CVE-2023-22728Silverstripe Framework has missing permission check of canView in GridFieldPrintButton4.3Apr 26, 2023
• CVE-2023-28104silverstripe/graphql Denial of Service vulnerability7.5Mar 16, 2023
• CVE-2022-42949Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions.7.5Dec 20, 2022