CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 1CVE-2022-38724
https://notcve.org/view.php?id=CVE-2022-38724
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. Silverstripe silverstripe/framework hasta 4.11.0, silverstripe/assets hasta 1.11.0 y silverstripe/asset-admin hasta 1.11.0 permiten XSS. • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-38724 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29858
https://notcve.org/view.php?id=CVE-2022-29858
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. Silverstripe silverstripe/assets hasta la versión 1.10 es vulnerable a un control de acceso inadecuado que permite publicar imágenes protegidas cambiando un código corto de imagen existente en el contenido del sitio web • https://forum.silverstripe.org/c/releases https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767 https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/cve-2022-29858 • CWE-287: Improper Authentication •