
CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR). • https://silverstripe.org https://www.silverstripe.org/download/security-releases/cve-2022-28803 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

Silverstripe silverstripe/framework through 4.10 allows Session Fixation. • https://docs.silverstripe.org/en/4/changelogs/4.10.1 https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/cve-2022-24444 • CWE-384: Session Fixation

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. • https://github.com/silverstripe/silverstripe-framework/releases https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/cve-2021-41559 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSS: 6.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

SilverStripe Framework through 4.8.1 allows XSS. • https://github.com/silverstripe/silverstripe-framework/releases https://www.silverstripe.org/download/security-releases/CVE-2021-36150 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 2 | EXPL: 1

In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication. • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/cve-2020-26136 • CWE-287: Improper Authentication