Silverstripe : Security Vulnerabilities, CVEs, Published In 2017

CVE-2017-14498

SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017.
Max CVSS
6.1
EPSS Score
0.14%
Published
2017-09-15
Updated
2017-11-02

CVE-2017-12849

Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks.
Max CVSS
5.3
EPSS Score
0.16%
Published
2017-10-12
Updated
2017-11-03

CVE-2017-5197

There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element.
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-03-06
Updated
2019-03-19
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close