NotCVE - vendor:"Silverstripe"

Page 11 of 87 results (0.005 seconds)

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-12849

https://notcve.org/view.php?id=CVE-2017-12849

Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks. Discrepancia de respuestas en los formularios de reinicio de contraseña y login en SilverStripe CMS en versiones anteriores a la 3.5.5 y versiones 3.6.x anteriores a la 3.6.1 permite que atacantes remotos enumeren usuarios mediante ataques de sincronización. • https://www.silverstripe.org/download/security-releases/ss-2017-005 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-14498

https://notcve.org/view.php?id=CVE-2017-14498

SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en SilverStripe CMS en versiones anteriores a la 3.6.1 mediante un documento SVG que no es gestionado correctamente por (1) la opción Insert Media en el editor de contenidos o (2) un nombre de ruta admin/assets/add, tal y como demuestra la URI admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload. Este problema también se conoce como SS-2017-017. • http://lists.openwall.net/full-disclosure/2017/09/14/2 https://docs.silverstripe.org/en/3/changelogs/3.6.1 https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

CVE-2017-5197

https://notcve.org/view.php?id=CVE-2017-5197

There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element. Hay una XSS en SilverStripe CMS en versiones anteriores a 3.4.4 y 3.5.x en versiones anteriores a 3.5.2. El vector de ataque es un nombre de página. • http://www.securityfocus.com/bid/96572 https://www.silverstripe.org/download/security-releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-8606

https://notcve.org/view.php?id=CVE-2015-8606

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm. Múltiples vulnerabilidades de XSS en SilverStripe CMS & Framework en versiones anteriores a 3.1.16 y 3.2.x en versiones anteriores a 3.2.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) Locale o (2) FailedLogenCount en admen/security/EditForm/field/Members/item/new/ItemEditForm. • http://seclists.org/fulldisclosure/2015/Dec/55 http://www.openwall.com/lists/oss-security/2015/12/17/1 http://www.openwall.com/lists/oss-security/2015/12/17/11 http://www.openwall.com/lists/oss-security/2015/12/18/5 http://www.silverstripe.org/download/security-releases/ss-2015-026 https://cybersecurityworks.com/zerodays/cve-2015-8606-silverstripe.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2015-5062 – SilverStripe CMS 3.1.13 XSS / Open Redirect

https://notcve.org/view.php?id=CVE-2015-5062

Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build. Vulnerabilidad de la redirección abierta en SilverStripe CMS & Framework 3.1.13 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL en el parámetro returnURL en dev/build. SilverStripe CMS version 3.1.13 suffers from open redirection and cross site scripting vulnerabilities. • http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html http://www.securityfocus.com/archive/1/535716/100/0/threaded http://www.securityfocus.com/bid/75419 •

1...9 10 11 12 13