Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

silverstripe — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting silverstripe. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Silverstripe is an open-source content management system primarily used for building websites and web applications. Historically, it has been susceptible to various vulnerability classes including remote code execution, cross-site scripting, and privilege escalation, with 15 CVEs documented. The platform's modular architecture introduces potential attack surfaces through third-party modules. While no major security incidents have been widely reported, the consistent vulnerability count suggests ongoing security challenges. Silverstripe's permission system has been a recurring area of weakness, often leading to unauthorized access or privilege escalation. Regular security updates and module vetting remain critical for maintaining secure implementations of this CMS.

Top products by silverstripe: silverstripe-framework silverstripe-graphql silverstripe-omnipay silverstripe-admin silverstripe-reports silverstripe-asset-admin silverstripe-elemental silverstripe-assets
CVE IDTitleCVSSSeverityPublished
CVE-2026-24749 Silverstripe Assets Module has a DBFile::getURL() permission bypass — silverstripe-assetsCWE-863 5.3 Medium2026-04-16
CVE-2025-30148 Silverstripe Framework has a XSS vulnerability in HTML editor — silverstripe-frameworkCWE-79 5.4 Medium2025-04-10
CVE-2025-25197 Silverstripe Elemental enables XSS attacks in elemental "Content blocks in use" reports — silverstripe-elementalCWE-79 5.4 Medium2025-04-10
CVE-2024-53277 Cross-site Scripting in form messages in silverstripe framework — silverstripe-frameworkCWE-79 5.4 Medium2025-01-14
CVE-2024-47605 Cross-site Scripting via insert media remote file oembed in silverstripe-asset-admin — silverstripe-asset-adminCWE-79 5.4 Medium2025-01-14
CVE-2024-32981 Cross-site Scripting vulnerability with encoded payload in silverstripe/framework — silverstripe-frameworkCWE-79 5.4 Medium2024-07-17
CVE-2024-29885 Reports are still accessible even when `canView()` returns false in silverstripe/reports — silverstripe-reportsCWE-200 4.3 Medium2024-07-17
CVE-2023-49783 No permission checks for editing/deleting records with CSV import form — silverstripe-adminCWE-863 4.3 Medium2024-01-23
CVE-2023-48714 Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter — silverstripe-frameworkCWE-200 4.3 Medium2024-01-23
CVE-2023-44401 Silverstripe GraqhQL's view permissions are bypassed for paginated lists of ORM data — silverstripe-graphqlCWE-863 5.3 Medium2024-01-23
CVE-2023-40180 Denial of service vulnerability in silverstripe-graphql via recursive queries — silverstripe-graphqlCWE-400 7.5 High2023-10-16
CVE-2023-22729 Silverstripe Framework has open redirect vulnerability on CMSSecurity relogin screen — silverstripe-frameworkCWE-601 5.4 Medium2023-04-26
CVE-2023-22728 Silverstripe Framework has missing permission check of canView in GridFieldPrintButton — silverstripe-frameworkCWE-862 4.3 Medium2023-04-26
CVE-2023-28104 silverstripe/graphql Denial of Service vulnerability — silverstripe-graphqlCWE-770 7.5 High2023-03-16
CVE-2022-29254 Failed payment recorded has completed in silverstripe/silverstripe-omnipay — silverstripe-omnipayCWE-436 3.7 Low2022-06-06

This page lists every published CVE security advisory associated with silverstripe. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.