Security Releases
SS-2017-010: install.php discloses sensitive data by pre-populating DB credential forms
SS-2017-009: Users inadvertently passing sensitive data to LoginAttempt
SS-2017-008: SQL injection in full text search of SilverStripe 4
SS-2017-007: CSV Excel Macro Injection
SS-2017-006: Session user agent change detection
SS-2017-005: User enumeration via timing attack on login and password reset forms
SS-2017-004: XSS in page history comparison
SS-2017-003: XSS in RedirectorPage
SS-2017-002: Member disclosure in login form
SS-2017-001: XSS In page name
SS-2016-017: SVG Uploads
SS-2016-016: XSS In CMSSecurity BackURL
SS-2016-015: XSS In OptionsetField and CheckboxSetField
SS-2016-014: Pre-existing alc_enc cookies log users in if remember me is disabled
SS-2016-013: Member.Name isn't escaped
SS-2016-012: Missing ACL on reports
SS-2016-011: ChangePasswordForm doesn't check Member::canLogIn()
SS-2016-010: ReadOnly transformation for formfields exploitable
SS-2016-008: Password encryption salt expiry
SS-2016-007: VersionedRequestFilter vulnerability
SS-2016-006: Missing CSRF protection in login form
SS-2016-005: Brute force bypass on default admin
SS-2016-004: XSS in CMS Edit Page
SS-2016-003: Hostname, IP and Protocol Spoofing through HTTP Headers
SS-2016-002: CSRF vulnerability in GridFieldAddExistingAutocompleter
SS-2016-001: XSS in CMSController BackURL
SS-2015-029: CSRF vulnerability in savetreenodes
SS-2015-028: Missing security check on dev/build/defaults
SS-2015-027: HtmlEditor embed url sanitisation
SS-2015-026: Form field validation message XSS vulnerability
SS-2015-025: Request class name exposure on error
SS-2015-024: Queued jobs serialised data exposure
SS-2015-023: Advanced workflow member field exposure
SS-2015-022: XML escape RSSFeed $link parameter
SS-2015-021: Hash rewrite URL filtering
SS-2015-020: Privilege Escalation Risk in Security Admin
SS-2015-019: Leaky draft stage risk
SS-2015-018: File upload exposure on UserForms module
SS-2015-017: Forum Module CSRF Vulnerability
SS-2015-016: XSS in install.php
SS-2015-015: XSS in dev/build returnURL Parameter
SS-2015-014: Vulnerability on "isDev", "isTest" and "flush" $_GET validation
SS-2015-013: X-Forwarded-Host request hostname injection
SS-2015-012: External redirection risk in Security?ReturnURL
SS-2015-011: Potential SQL Injection Vulnerability
SS-2015-010: XSS in Director::force_redirect()
SS-2015-009: XSS In rewritten hash links
SS-2015-008: SiteTree Creation Permission Vulnerability
SS-2015-007: XSS In FormAction
SS-2015-006: XSS In GridField print
SS-2015-005: VirtualPage XSS
SS-2015-004: TreeDropdownField and TreeMultiSelectField XSS
SS-2015-003: History XSS Vulnerability
SS-2015-001: Debug information exposed
SS-2014-018
SS-2014-017: XML Quadratic Blowup Attack
SS-2014-016
SS-2014-015: IE requests not properly behaving with rewritehashlinks
SS-2014-014
SS-2014-013
SS-2014-012
SS-2014-011
SS-2014-010
SS-2014-009
SS-2014-008
SS-2014-007
SS-2014-006
SS-2014-005
SS-2014-004
SS-2014-003
SS-2014-002
SS-2014-001
SS-2013-001: Require ADMIN for ?flush=1
SS-2013-002: SQL injection in Versioned.php
Undefined or empty `$allowed_actions` overrides parent definitions
Information exposure through web access on YAML configuration files
Information exposure through web access on composer files
Require ADMIN permissions for ?showtemplate=1
Stored XSS in the "New Group" dialog, XSS in CMS status messages
Older releases
SS-2013-003: Privilege escalation through Group hierarchy setting
SS-2013-004: Privilege escalation through Group and Member CSV upload
SS-2013-005: Privilege escalation with APPLY_ROLES
SS-2013-006: Information disclosure in Versioned.php
SS-2013-007: XSS in CMS "Security" section
SS-2013-008: XSS in form validation errors
SS-2013-009: XSS in CMS "Pages" section
Modules and Themes
jonom/focuspoint: Smarter automatic image cropping for SilverStripe (74483)
micschk/silverstripe-focuspointcropper: Even smarter automatic image cropping for SilverStripe (196)