CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Jan 2023 — A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function onBeforeSecurityLogin of the file code/extensions/SecurityLoginExtension.php of the component Login. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. • https://github.com/symbiote/silverstripe-seed/commit/b065ebd82da53009d273aa7e989191f701485244 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 6.1 • EPSS: 0% • CPEs: 9 • EXPL: 0

16 Mar 2021 — A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL. • https://github.com/symbiote/silverstripe-queuedjobs/releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

26 Sep 2019 — In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of thes... • https://github.com/silverstripe/silverstripe-framework