Vulnerabilities - Page 171

Vulnerability Name	CVE CWE	CWE	Severity
silverstripeCMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12246)	CVE-2019-12246 CWE-352	CWE-352	Medium
silverstripeCMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12437)	CVE-2019-12437 CWE-352	CWE-352	High
silverstripeCMS Cryptographic Issues Vulnerability (CVE-2010-5079)	CVE-2010-5079		Medium
silverstripeCMS CVE-2019-12204 Vulnerability (CVE-2019-12204)	CVE-2019-12204		Critical
silverstripeCMS CVE-2019-12617 Vulnerability (CVE-2019-12617)	CVE-2019-12617		Low
silverstripeCMS CVE-2019-16409 Vulnerability (CVE-2019-16409)	CVE-2019-16409		Medium
silverstripeCMS CVE-2020-6164 Vulnerability (CVE-2020-6164)	CVE-2020-6164		High
silverstripeCMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-4822)	CVE-2010-4822 CWE-200	CWE-200	Medium
silverstripeCMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-5187)	CVE-2010-5187 CWE-200	CWE-200	Medium
silverstripeCMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-5188)	CVE-2010-5188 CWE-200	CWE-200	Medium
silverstripeCMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-6789)	CVE-2013-6789 CWE-200	CWE-200	Medium
silverstripeCMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-12849)	CVE-2017-12849 CWE-200	CWE-200	Medium
silverstripeCMS Files or Directories Accessible to External Parties Vulnerability (CVE-2019-14273)	CVE-2019-14273 CWE-552	CWE-552	Medium
silverstripeCMS Improper Authentication Vulnerability (CVE-2020-26136)	CVE-2020-26136 CWE-287	CWE-287	Medium
silverstripeCMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-5091)	CVE-2010-5091 CWE-94	CWE-94	Medium
silverstripeCMS Improper Input Validation Vulnerability (CVE-2011-4962)	CVE-2011-4962 CWE-20	CWE-20	Medium
silverstripeCMS Improper Input Validation Vulnerability (CVE-2013-2653)	CVE-2013-2653 CWE-20	CWE-20	Medium
silverstripeCMS Improper Input Validation Vulnerability (CVE-2020-26138)	CVE-2020-26138 CWE-20	CWE-20	Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-1593)	CVE-2010-1593 CWE-707	CWE-707	Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4823)	CVE-2010-4823 CWE-707	CWE-707	Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5095)	CVE-2010-5095 CWE-707	CWE-707	Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4958)	CVE-2011-4958 CWE-707	CWE-707	Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-0976)	CVE-2012-0976 CWE-707	CWE-707	Low
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4968)	CVE-2012-4968 CWE-707	CWE-707	Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6458)	CVE-2012-6458 CWE-707	CWE-707	Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-5063)	CVE-2015-5063 CWE-707	CWE-707	Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8606)	CVE-2015-8606 CWE-707	CWE-707	Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5197)	CVE-2017-5197 CWE-707	CWE-707	Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14498)	CVE-2017-14498 CWE-707	CWE-707	Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12205)	CVE-2019-12205 CWE-707	CWE-707	Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14272)	CVE-2019-14272 CWE-707	CWE-707	Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-19325)	CVE-2019-19325 CWE-707	CWE-707	Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9311)	CVE-2020-9311 CWE-707	CWE-707	Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-36150)	CVE-2021-36150 CWE-707	CWE-707	Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28803)	CVE-2022-28803 CWE-707	CWE-707	Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37421)	CVE-2022-37421 CWE-707	CWE-707	Medium
silverstripeCMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2017-18049)	CVE-2017-18049 CWE-138	CWE-138	Medium
silverstripeCMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-6753)	CVE-2008-6753 CWE-138	CWE-138	High
silverstripeCMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-1433)	CVE-2009-1433 CWE-138	CWE-138	High
silverstripeCMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4824)	CVE-2010-4824 CWE-138	CWE-138	Medium
silverstripeCMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4959)	CVE-2011-4959 CWE-138	CWE-138	Medium
silverstripeCMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4960)	CVE-2011-4960 CWE-138	CWE-138	High
silverstripeCMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-5715)	CVE-2019-5715 CWE-138	CWE-138	Critical
silverstripeCMS Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') Vulnerability (CVE-2021-41559)	CVE-2021-41559 CWE-776	CWE-776	Medium
silverstripeCMS Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-25817)	CVE-2020-25817 CWE-611	CWE-611	Medium
silverstripeCMS Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2019-19326)	CVE-2019-19326		Medium
silverstripeCMS Incorrect Authorization Vulnerability (CVE-2021-28661)	CVE-2021-28661 CWE-863	CWE-863	Medium
silverstripeCMS Incorrect Default Permissions Vulnerability (CVE-2020-6165)	CVE-2020-6165 CWE-276	CWE-276	Medium
silverstripeCMS Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2019-12245)	CVE-2019-12245 CWE-732	CWE-732	Medium
silverstripeCMS Other Vulnerability (CVE-2007-2321)	CVE-2007-2321		Critical
silverstripeCMS Other Vulnerability (CVE-2015-5062)	CVE-2015-5062		Medium
silverstripeCMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5078)	CVE-2010-5078 CWE-264	CWE-264	Medium
silverstripeCMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5087)	CVE-2010-5087 CWE-264	CWE-264	Medium
silverstripeCMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5089)	CVE-2010-5089 CWE-264	CWE-264	Medium
silverstripeCMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5090)	CVE-2010-5090 CWE-264	CWE-264	Medium
silverstripeCMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5093)	CVE-2010-5093 CWE-264	CWE-264	Medium
silverstripeCMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5094)	CVE-2010-5094 CWE-264	CWE-264	Medium
silverstripeCMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4961)	CVE-2011-4961 CWE-264	CWE-264	Medium
silverstripeCMS Session Fixation Vulnerability (CVE-2019-12203)	CVE-2019-12203 CWE-384	CWE-384	Medium
silverstripeCMS Session Fixation Vulnerability (CVE-2022-24444)	CVE-2022-24444 CWE-384	CWE-384	Medium
silverstripeCMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-9280)	CVE-2020-9280 CWE-434	CWE-434	High
SimpleHelp Path Traversal (CVE-2024-57727)	CVE-2024-57727 CVE-2024-57726 CVE-2024-57728 CWE-22	CWE-22	High
Sitecore Arbitrary File Read (CVE-2024-46938)	CVE-2024-46938 CWE-200	CWE-200	High
Sitecore XM/XP Insecure Deserialization (CVE-2025-27218)	CVE-2025-27218 CWE-502	CWE-502	Critical
Sitecore XP Deserialization RCE (CVE-2021-42237)	CVE-2021-42237 CWE-502	CWE-502	High
Sitecore XP TemplateParser RCE (CVE-2023-35813)	CVE-2023-35813 CWE-94	CWE-94	Critical
Skipper Incorrect Authorization Vulnerability (CVE-2022-34296)	CVE-2022-34296 CWE-863	CWE-863	High
Skipper Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-38580)	CVE-2022-38580 CWE-918	CWE-918	Critical
Skype for Business SSRF (CVE-2023-41763)	CVE-2023-41763 CWE-918	CWE-918	High
Snoop Servlet information disclosure	CWE-200	CWE-200	Low
SOAP WS-Addressing SSRF	CWE-918	CWE-918	Medium
SolarWinds Orion API Auth bypass (CVE-2020-10148)	CVE-2020-10148 CWE-287	CWE-287	High
SolarWinds Serv-U Directory Traversal (CVE-2024-28995)	CVE-2024-28995 CWE-22	CWE-22	High
SolarWinds Web Help Desk Hardcoded Credential (CVE-2024-28987)	CVE-2024-28987 CWE-798	CWE-798	Critical
SolarWinds Web Help Desk RCE (CVE-2024-28986)	CVE-2024-28986 CWE-502	CWE-502	Critical

silverstripeCMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12246)

CVE-2019-12246

CWE-352

Medium