silverstripe/framework Security Advisories for 2.4.10 (6)
-
[MEDIUM] CVE-2024-32981 - XSS Vulnerability with text/html base64-encoded payload
PKSA-jndv-7cgy-xwm3 CVE-2024-32981 GHSA-chx7-9x8h-r5mg
Affected version: <5.2.16
Reported by:
GitHub, FriendsOfPHP/security-advisories -
SS-2024-001 - TinyMCE allows svg files linked in object tags
Affected version: <5.2.16
Reported by:
FriendsOfPHP/security-advisories -
[MEDIUM] SilverStripe CSV Excel Macro Injection
PKSA-4npp-z2k1-kdtx CVE-2017-18049 GHSA-2jvj-mhf2-g99w
Affected version: >=4.0.0,<4.0.1|>=3.6.0,<3.6.3|<3.5.6
Reported by:
GitHub -
[MEDIUM] Silverstripe CMS Open Redirect
PKSA-ktdv-zx9y-ctn1 CVE-2015-5062 GHSA-fh35-p8ph-p545
Affected version: <=3.1.13
Reported by:
GitHub -
[MEDIUM] Business Logic Errors in SilverStripe Framework
PKSA-7j38-hj68-r82v CVE-2022-0227 GHSA-32m2-9f76-4gv8
Affected version: <4.10.1
Reported by:
GitHub -
[MEDIUM] Lack of access control on upoaded files
PKSA-5yvt-vswv-zn54 CVE-2019-12245 GHSA-jvx5-rm6q-gx7p
Affected version: >=4.4.0,<4.4.4|>=4.0.0,<4.3.6|>=3.7.0,<3.7.4|<3.6.8
Reported by:
GitHub