CVE-2022-38724
https://notcve.org/view.php?id=CVE-2022-38724
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.
• https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-38724
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-38462
https://notcve.org/view.php?id=CVE-2022-38462
Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request.
• https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-38146
https://notcve.org/view.php?id=CVE-2022-38146
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).
• https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-38146
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-38148
https://notcve.org/view.php?id=CVE-2022-38148
Silverstripe silverstripe/framework through 4.11 allows SQL Injection.
• https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-38148
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-25238
https://notcve.org/view.php?id=CVE-2022-25238
Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side config is not set to true in project code.
• https://docs.silverstripe.org/en/4/changelogs/4.10.1 https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')