CVE-2022-37421
https://notcve.org/view.php?id=CVE-2022-37421
Silverstripe silverstripe/cms through 4.11.0 allows XSS. • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-37421 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-28803
https://notcve.org/view.php?id=CVE-2022-28803
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR). • https://silverstripe.org https://www.silverstripe.org/download/security-releases/cve-2022-28803 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-24444
https://notcve.org/view.php?id=CVE-2022-24444
Silverstripe silverstripe/framework through 4.10 allows Session Fixation. • https://docs.silverstripe.org/en/4/changelogs/4.10.1 https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/cve-2022-24444 • CWE-384: Session Fixation
CVE-2021-41559
https://notcve.org/view.php?id=CVE-2021-41559
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. • https://github.com/silverstripe/silverstripe-framework/releases https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/cve-2021-41559 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVE-2021-28661
https://notcve.org/view.php?id=CVE-2021-28661
The default permission checker of SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 is not inherited by the query subclass. • https://github.com/silverstripe/silverstripe-graphql/releases https://www.silverstripe.org/download/security-releases/CVE-2021-28661 • CWE-863: Incorrect Authorization