CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-20164 – Symbiote Seed Login SecurityLoginExtension.php onBeforeSecurityLogin redirect
https://notcve.org/view.php?id=CVE-2017-20164
A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function onBeforeSecurityLogin of the file code/extensions/SecurityLoginExtension.php of the component Login. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. • https://github.com/symbiote/silverstripe-seed/commit/b065ebd82da53009d273aa7e989191f701485244 https://github.com/symbiote/silverstripe-seed/releases/tag/6.0.3 https://vuldb.com/?ctiid.217626 https://vuldb.com/?id.217626 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2021-27938
https://notcve.org/view.php?id=CVE-2021-27938
A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL. Se ha identificado una vulnerabilidad en el Silverstripe CMS versiones 3 y 4 del módulo symbiote/silverstripe-queuedjobs. Una vulnerabilidad de tipo Cross Site Scripting permite a un atacante inyectar una carga útil arbitraria en CreateQueuedJobTask por medio de una URL especialmente diseñada • https://github.com/symbiote/silverstripe-queuedjobs/releases https://www.silverstripe.org/download/security-releases/cve-2021-27938 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-16409
https://notcve.org/view.php?id=CVE-2019-16409
In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.) En el módulo Versioned Files versiones hasta 2.0.3 para SilverStripe versiones 3.x, las versiones no publicadas de archivos se exponen públicamente a cualquiera que pueda adivinar su URL. • https://github.com/silverstripe/silverstripe-framework https://github.com/symbiote/silverstripe-versionedfiles https://www.silverstripe.org/download/security-releases/cve-2019-16409 •