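4 vulnerabilities found for assets by silverstripe (two CVE IDs, CVE-2022-38724 and CVE-2022-29858, each listed once from the nvd source and once from the cvelistv5 source)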
CVE-2022-38724 (GCVE-0-2022-38724)
Vulnerability from nvd – Published: 2022-11-22 00:00 – Updated: 2025-04-29 04:34
Summary
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a (problem type as given in the CNA container)
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (added in the CISA-ADP container)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_transferred"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2022-38724"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-38724",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T04:33:51.274626Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T04:34:39.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-22T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"url": "https://forum.silverstripe.org/c/releases"
},
{
"url": "https://www.silverstripe.org/download/security-releases/CVE-2022-38724"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-38724",
"datePublished": "2022-11-22T00:00:00.000Z",
"dateReserved": "2022-08-24T00:00:00.000Z",
"dateUpdated": "2025-04-29T04:34:39.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29858 (GCVE-0-2022-29858)
Vulnerability from nvd – Published: 2022-06-28 21:36 – Updated: 2024-08-03 06:33
Summary
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.silverstripe.org/download/security-releases/ | x_refsource_MISC |
| https://www.silverstripe.org/blog/tag/release | x_refsource_MISC |
| https://forum.silverstripe.org/c/releases | x_refsource_MISC |
| https://www.silverstripe.org/download/security-releases/cve-2022-29858 | x_refsource_MISC |
| https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/ | x_refsource_MISC |
| https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2022-29858"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-06T11:07:44.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2022-29858"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"name": "https://www.silverstripe.org/blog/tag/release",
"refsource": "MISC",
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"name": "https://forum.silverstripe.org/c/releases",
"refsource": "MISC",
"url": "https://forum.silverstripe.org/c/releases"
},
{
"name": "https://www.silverstripe.org/download/security-releases/cve-2022-29858",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/cve-2022-29858"
},
{
"name": "https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/",
"refsource": "MISC",
"url": "https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/"
},
{
"name": "https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767",
"refsource": "MISC",
"url": "https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29858",
"datePublished": "2022-06-28T21:36:14.000Z",
"dateReserved": "2022-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:33:42.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38724 (GCVE-0-2022-38724)
Vulnerability from cvelistv5 – Published: 2022-11-22 00:00 – Updated: 2025-04-29 04:34
Summary
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a (problem type as given in the CNA container)
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (added in the CISA-ADP container)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_transferred"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/CVE-2022-38724"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-38724",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T04:33:51.274626Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T04:34:39.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-22T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"url": "https://forum.silverstripe.org/c/releases"
},
{
"url": "https://www.silverstripe.org/download/security-releases/CVE-2022-38724"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-38724",
"datePublished": "2022-11-22T00:00:00.000Z",
"dateReserved": "2022-08-24T00:00:00.000Z",
"dateUpdated": "2025-04-29T04:34:39.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29858 (GCVE-0-2022-29858)
Vulnerability from cvelistv5 – Published: 2022-06-28 21:36 – Updated: 2024-08-03 06:33
Summary
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.silverstripe.org/download/security-releases/ | x_refsource_MISC |
| https://www.silverstripe.org/blog/tag/release | x_refsource_MISC |
| https://forum.silverstripe.org/c/releases | x_refsource_MISC |
| https://www.silverstripe.org/download/security-releases/cve-2022-29858 | x_refsource_MISC |
| https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/ | x_refsource_MISC |
| https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2022-29858"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-06T11:07:44.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.silverstripe.org/c/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.silverstripe.org/download/security-releases/cve-2022-29858"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.silverstripe.org/download/security-releases/",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/"
},
{
"name": "https://www.silverstripe.org/blog/tag/release",
"refsource": "MISC",
"url": "https://www.silverstripe.org/blog/tag/release"
},
{
"name": "https://forum.silverstripe.org/c/releases",
"refsource": "MISC",
"url": "https://forum.silverstripe.org/c/releases"
},
{
"name": "https://www.silverstripe.org/download/security-releases/cve-2022-29858",
"refsource": "MISC",
"url": "https://www.silverstripe.org/download/security-releases/cve-2022-29858"
},
{
"name": "https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/",
"refsource": "MISC",
"url": "https://huntr.dev/bounties/90e17d95-9f2f-44eb-9f26-49fa13a41d5a/"
},
{
"name": "https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767",
"refsource": "MISC",
"url": "https://github.com/silverstripe/silverstripe-assets/commit/5f6a73b010c01587ffbfb954441f6b7cbb54e767"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29858",
"datePublished": "2022-06-28T21:36:14.000Z",
"dateReserved": "2022-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:33:42.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}