CVE-2022-38147
https://notcve.org/view.php?id=CVE-2022-38147
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). El framework Silverstripe hasta 4.11 permite XSS (problema 3 de 3). • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-38147 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-38724
https://notcve.org/view.php?id=CVE-2022-38724
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. Silverstripe silverstripe/framework hasta 4.11.0, silverstripe/assets hasta 1.11.0 y silverstripe/asset-admin hasta 1.11.0 permiten XSS. • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-38724 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-38462
https://notcve.org/view.php?id=CVE-2022-38462
Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. Silverstripe silverstripe/framework hasta 4.11 es vulnerable a XSS al manipular cuidadosamente una URL de retorno en una solicitud /dev/build o /Security/login. • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-38146
https://notcve.org/view.php?id=CVE-2022-38146
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). Silverstripe silverstripe/framework hasta 4.11 permite XSS (problema 2 de 3). • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-38146 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-38148
https://notcve.org/view.php?id=CVE-2022-38148
Silverstripe silverstripe/framework through 4.11 allows SQL Injection. Silverstripe silverstripe/framework hasta 4.11 permite la inyección SQL. • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-38148 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •