silverstripe/framework Security Advisories for 5.2.x-dev (5)
-
[MEDIUM] CVE-2025-30148 - XSS vulnerability in HTML editor
PKSA-y2dn-63zz-mp8n CVE-2025-30148 GHSA-rhx4-hvx9-j387
Affected version: <5.3.23
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] SS-2025-001 - User enumeration via timing attack
PKSA-7qg6-pyzm-bc35 GHSA-256q-hx8w-xcqx
Affected version: <5.3.23
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2024-53277 - XSS in form messages
PKSA-gr7c-c3q7-zxkd CVE-2024-53277 GHSA-ff6q-3c9c-6cf5
Affected version: <5.3.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2024-47605 - XSS via insert media remote file oembed
PKSA-spqx-5bk6-c9yk CVE-2024-47605 GHSA-7cmp-cgg8-4c82
Affected version: <5.3.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[LOW] SS-2024-002 - Reflected Cross Site Scripting (XSS) in error message
PKSA-24rt-ffr7-cj1w GHSA-74j9-xhqr-6qv3
Affected version: <5.3.8
Reported by:
GitHub, FriendsOfPHP/security-advisories