Security Advisories - silverstripe/framework - Packagist

silverstripe/framework Security Advisories for 2.4.10 (11)

[MEDIUM] CVE-2025-30148 - XSS vulnerability in HTML editor

PKSA-y2dn-63zz-mp8n CVE-2025-30148 GHSA-rhx4-hvx9-j387

Affected version: <5.3.23

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] SS-2025-001 - User enumeration via timing attack

PKSA-7qg6-pyzm-bc35 GHSA-256q-hx8w-xcqx

Affected version: <5.3.23

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] CVE-2024-53277 - XSS in form messages

PKSA-gr7c-c3q7-zxkd CVE-2024-53277 GHSA-ff6q-3c9c-6cf5

Affected version: <5.3.8

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] CVE-2024-47605 - XSS via insert media remote file oembed

PKSA-spqx-5bk6-c9yk CVE-2024-47605 GHSA-7cmp-cgg8-4c82

Affected version: <5.3.8

Reported by:
GitHub, FriendsOfPHP/security-advisories
[LOW] SS-2024-002 - Reflected Cross Site Scripting (XSS) in error message

PKSA-24rt-ffr7-cj1w GHSA-74j9-xhqr-6qv3

Affected version: <5.3.8

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] CVE-2024-32981 - XSS Vulnerability with text/html base64-encoded payload

PKSA-jndv-7cgy-xwm3 CVE-2024-32981 GHSA-chx7-9x8h-r5mg

Affected version: <5.2.16

Reported by:
GitHub, FriendsOfPHP/security-advisories
[LOW] SS-2024-001 - TinyMCE allows svg files linked in object tags

PKSA-8tf6-2hv5-c6tq GHSA-mqf3-qpc3-g26q

Affected version: <5.2.16

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] SilverStripe CSV Excel Macro Injection

PKSA-4npp-z2k1-kdtx CVE-2017-18049 GHSA-2jvj-mhf2-g99w

Affected version: >=4.0.0,<4.0.1|>=3.6.0,<3.6.3|<3.5.6

Reported by:
GitHub
[MEDIUM] Silverstripe CMS Open Redirect

PKSA-ktdv-zx9y-ctn1 CVE-2015-5062 GHSA-fh35-p8ph-p545

Affected version: <=3.1.13

Reported by:
GitHub
[MEDIUM] Business Logic Errors in SilverStripe Framework

PKSA-7j38-hj68-r82v CVE-2022-0227 GHSA-32m2-9f76-4gv8

Affected version: <4.10.1

Reported by:
GitHub
[MEDIUM] Lack of access control on upoaded files

PKSA-5yvt-vswv-zn54 CVE-2019-12245 GHSA-jvx5-rm6q-gx7p

Affected version: >=4.4.0,<4.4.4|>=4.0.0,<4.3.6|>=3.7.0,<3.7.4|<3.6.8

Reported by:
GitHub