CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-38724
https://notcve.org/view.php?id=CVE-2022-38724
22 Nov 2022 — Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. Silverstripe silverstripe/framework hasta 4.11.0, silverstripe/assets hasta 1.11.0 y silverstripe/asset-admin hasta 1.11.0 permiten XSS. • https://forum.silverstripe.org/c/releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38146
https://notcve.org/view.php?id=CVE-2022-38146
21 Nov 2022 — Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). Silverstripe silverstripe/framework hasta 4.11 permite XSS (problema 2 de 3). • https://forum.silverstripe.org/c/releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38148
https://notcve.org/view.php?id=CVE-2022-38148
21 Nov 2022 — Silverstripe silverstripe/framework through 4.11 allows SQL Injection. Silverstripe silverstripe/framework hasta 4.11 permite la inyección SQL. • https://forum.silverstripe.org/c/releases • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25238
https://notcve.org/view.php?id=CVE-2022-25238
28 Jun 2022 — Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to true in project code. Silverstripe silverstripe/framework versiones hasta 4.10.0, permite un ataque de tipo XSS, dentro de las etiquetas de script que pueden ser añadidas al contenido del sitio web por medio de XHR por un usuario autenticado del CMS si el módu... • https://docs.silverstripe.org/en/4/changelogs/4.10.1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •