CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28803
https://notcve.org/view.php?id=CVE-2022-28803
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR). En SilverStripe Framework versiones hasta 07-04-2022, un ataque de tipo XSS almacenado puede ocurrir en etiquetas de enlace javascript añadidas por medio de XMLHttpRequest (XHR) • https://silverstripe.org https://www.silverstripe.org/download/security-releases/cve-2022-28803 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24444
https://notcve.org/view.php?id=CVE-2022-24444
Silverstripe silverstripe/framework through 4.10 allows Session Fixation. Silverstripe silverstripe/framework versiones hasta 4.10, permite una Fijación de Sesión • https://docs.silverstripe.org/en/4/changelogs/4.10.1 https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/cve-2022-24444 • CWE-384: Session Fixation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41559
https://notcve.org/view.php?id=CVE-2021-41559
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. Silverstripe silverstripe/framework 4.8.1, presenta una explosión cuadrática en la función Convert::xml2array() que permite un ataque remoto por medio de un documento XML diseñado • https://github.com/silverstripe/silverstripe-framework/releases https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/cve-2021-41559 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-36150
https://notcve.org/view.php?id=CVE-2021-36150
SilverStripe Framework through 4.8.1 allows XSS. SilverStripe Framework versiones hasta 4.8.1, permite un ataque de tipo XSS • https://github.com/silverstripe/silverstripe-framework/releases https://www.silverstripe.org/download/security-releases/CVE-2021-36150 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-26136
https://notcve.org/view.php?id=CVE-2020-26136
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication. En SilverStripe versiones hasta 4.6.0-rc1, GraphQL no respecta MFA (multi-factor authentication) cuando se usa la autenticación básica • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/cve-2020-26136 • CWE-287: Improper Authentication •