silverstripe/cms Security Advisories (16)
-
CVE-2026-54717 - XSS in breadcrumbs in page list view
PKSA-pjvm-vnw2-n3m2 CVE-2026-54717
Affected version: <6.2.1
Reported by:
FriendsOfPHP/security-advisories -
[HIGH] Silverstripe CMS malicious file upload enables script execution
PKSA-znsz-m7d7-h56t CVE-2020-9309 GHSA-h77w-655f-6j3m
Affected version: <=4.5.0
Reported by:
GitHub -
[MEDIUM] Silverstripe CMS XSS Vulnerability
PKSA-ccyg-wwy5-yyd3 CVE-2020-9311 GHSA-2pw2-qpcp-m47x
Affected version: <=4.5.0
Reported by:
GitHub -
[HIGH] Silverstripe CMS information disclosure
PKSA-56d7-q47d-h34q CVE-2020-6164 GHSA-gm5x-hpmw-xpxg
Affected version: <=4.5.0
Reported by:
GitHub -
[MEDIUM] Silverstripe CMS Arbitrary Code Execution
PKSA-jq4c-j65c-3sqg CVE-2011-4962 GHSA-gv6c-59h4-9pmg
Affected version: >=2.4.0,<2.4.6
Reported by:
GitHub -
[MEDIUM] Silverstripe CMS XSS Vulnerability
PKSA-5p8s-br5x-fync CVE-2017-14498 GHSA-j696-6m57-mcrv
Affected version: <3.6.1
Reported by:
GitHub -
[MEDIUM] Silverstripe CMS User Enumeration
PKSA-8wfk-kpg2-nsf4 CVE-2017-12849 GHSA-fwhr-g5r4-xgxf
Affected version: >=3.6,<3.6.1|<3.5.5
Reported by:
GitHub -
[MEDIUM] Silverstripe CMS Open Redirect
PKSA-d4nc-b285-bshc CVE-2015-5062 GHSA-fh35-p8ph-p545
Affected version: <=3.1.13
Reported by:
GitHub -
[LOW] SilverStripe vulnerable to Cross-site Scripting
PKSA-2jwn-hg5z-dtn6 CVE-2010-1593 GHSA-wg4m-vvp6-2hc5
Affected version: <2.3.5
Reported by:
GitHub -
[MEDIUM] Silverstripe CMS XSS Vulnerability
PKSA-k3cw-5yj1-rnwr CVE-2017-5197 GHSA-xmjh-wjc5-wg4h
Affected version: >=3.5.0,<3.5.2|<3.4.4
Reported by:
GitHub -
[MEDIUM] Silverstripe CMS XSS Vulnerability
PKSA-53v5-xxz5-2hk4 CVE-2015-8606 GHSA-gvc8-xjfp-6569
Affected version: =3.2.0|<=3.1.15
Reported by:
GitHub -
[MEDIUM] CVE-2022-37421 - Stored XSS in custom meta tags
PKSA-vfdf-hjn1-7mdt CVE-2022-37421 GHSA-pp74-g2q5-j4jf
Affected version: >=4.0.0,<4.11.3
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[CRITICAL] Missing warning can lead to unauthenticated admin access in SilverStripe
PKSA-7mbq-dxf7-1z4d CVE-2019-12204 GHSA-cg8j-8w52-735v
Affected version: >=4.4.0,<4.4.4
Reported by:
GitHub -
[MEDIUM] SS-2015-008: SiteTree Creation Permission Vulnerability
PKSA-tbcz-9q2k-1r4f GHSA-6hh6-59j2-qrxw
Affected version: >=3.0.0,<3.0.12|>=3.1.0,<3.1.11
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] SS-2015-003: History XSS Vulnerability
PKSA-d3xv-chbr-ng6f GHSA-r97r-64vp-fghm
Affected version: >=3.1.0,<3.1.10
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] SS-2015-005: VirtualPage XSS
PKSA-pvwk-bm9n-rprc GHSA-3mm9-2p44-rw39
Affected version: >=3.1.0,<3.1.10
Reported by:
GitHub, FriendsOfPHP/security-advisories