silverstripe/framework Security Advisories for 5.1.14 (7)
-
[MEDIUM] CVE-2025-30148 - XSS vulnerability in HTML editor
PKSA-y2dn-63zz-mp8n CVE-2025-30148 GHSA-rhx4-hvx9-j387
Affected version: <5.3.23
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] SS-2025-001 - User enumeration via timing attack
PKSA-7qg6-pyzm-bc35 GHSA-256q-hx8w-xcqx
Affected version: <5.3.23
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2024-53277 - XSS in form messages
PKSA-gr7c-c3q7-zxkd CVE-2024-53277 GHSA-ff6q-3c9c-6cf5
Affected version: <5.3.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2024-47605 - XSS via insert media remote file oembed
PKSA-spqx-5bk6-c9yk CVE-2024-47605 GHSA-7cmp-cgg8-4c82
Affected version: <5.3.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[LOW] SS-2024-002 - Reflected Cross Site Scripting (XSS) in error message
PKSA-24rt-ffr7-cj1w GHSA-74j9-xhqr-6qv3
Affected version: <5.3.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2024-32981 - XSS Vulnerability with text/html base64-encoded payload
PKSA-jndv-7cgy-xwm3 CVE-2024-32981 GHSA-chx7-9x8h-r5mg
Affected version: <5.2.16
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[LOW] SS-2024-001 - TinyMCE allows svg files linked in object tags
PKSA-8tf6-2hv5-c6tq GHSA-mqf3-qpc3-g26q
Affected version: <5.2.16
Reported by:
GitHub, FriendsOfPHP/security-advisories