CVE-2022-38724
https://notcve.org/view.php?id=CVE-2022-38724
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.
• https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-38724
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-38462
https://notcve.org/view.php?id=CVE-2022-38462
Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request.
• https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-38146
https://notcve.org/view.php?id=CVE-2022-38146
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).
• https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-38146
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-38148
https://notcve.org/view.php?id=CVE-2022-38148
Silverstripe silverstripe/framework through 4.11 allows SQL Injection.
• https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-38148
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-28803
https://notcve.org/view.php?id=CVE-2022-28803
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).
• https://silverstripe.org https://www.silverstripe.org/download/security-releases/cve-2022-28803
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')