Silverstripe : Security Vulnerabilities, CVEs, Published In 2017
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017.
Max CVSS
6.1
EPSS Score
0.14%
Published
2017-09-15
Updated
2017-11-02
Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks.
Max CVSS
5.3
EPSS Score
0.16%
Published
2017-10-12
Updated
2017-11-03
There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element.
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-03-06
Updated
2019-03-19
3 vulnerabilities found