Site Navigation
Mobile site navigation
Search
Site search
Search site
Software
CMS
Framework
Hosting
Addons
Roadmap
History
BSD License
Community
Forums
Developer directory
Showcase
Contribute
Join us
Learn
Using the CMS
Developer Documentation
API Documentation
Lessons
Training
Blog
Download
Security Releases
Release Archive
Changelog
Version Control
About the release process
Demo
Open Source
Software
CMS
Screencasts
Framework
Hosting
Addons
Modules
Themes
Vendors
Authors
Tags
Submit
Supported Modules Definition
Commercially Supported Modules
Roadmap
History
Feedback and reviews
BSD License
Community
Forums
Installing SilverStripe
Hosting Requirements
Upgrading SilverStripe
Releases and Announcements
General Questions
Blog Module
E-Commerce Modules
Forum Module
DataObjectManager Module
Payments and Payment Gateway / APIs
All other Modules
Themes
Widgets
Migrating a Site to Silverstripe
Customising the CMS
Data Model Questions
Template Questions
Form Questions
Showcase Questions
Content Editor Discussions
Connect With Other SilverStripe Members
Archive
CWP Open Developer Discussion
Developer directory
Showcase
New Submission
Contribute
IRC - Internet Relay Chat
Community dashboard
Join us
Learn
Using the CMS
Developer Documentation
API Documentation
Lessons
Training
Blog
Download
Security Releases
SS-2017-004: XSS in page history comparison
SS-2017-003: XSS in RedirectorPage
SS-2017-002: Member disclosure in login form
SS-2017-001: XSS In page name
SS-2014-010
SS-2016-016: XSS In CMSSecurity BackURL
SS-2016-015: XSS In OptionsetField and CheckboxSetField
SS-2016-014: Pre-existing alc_enc cookies log users in if remember me is disabled
SS-2016-013: Member.Name isn't escaped
SS-2016-012: Missing ACL on reports
SS-2016-011: ChangePasswordForm doesn't check Member::canLogIn()
SS-2016-010: ReadOnly transformation for formfields exploitable
SS-2016-008: Password encryption salt expiry
SS-2016-007: VersionedRequestFilter vulnerability
SS-2016-006: Missing CSRF protection in login form
SS-2016-005: Brute force bypass on default admin
SS-2016-004: XSS in CMS Edit Page
SS-2016-003: Hostname, IP and Protocol Spoofing through HTTP Headers
SS-2016-002: CSRF vulnerability in GridFieldAddExistingAutocompleter
SS-2016-001: XSS in CMSController BackURL
SS-2015-029: CSRF vulnerability in savetreenodes
SS-2015-028: Missing security check on dev/build/defaults
SS-2015-027: HtmlEditor embed url sanitisation
SS-2015-026: Form field validation message XSS vulnerability
SS-2015-025: Request class name exposure on error
SS-2015-024: Queued jobs serialised data exposure
SS-2015-023: Advanced workflow member field exposure
SS-2015-022: XML escape RSSFeed $link parameter
SS-2015-021: Hash rewrite URL filtering
SS-2015-020: Privilege Escalation Risk in Security Admin
SS-2015-019: Leaky draft stage risk
SS-2015-018: File upload exposure on UserForms module
SS-2015-017: Forum Module CSRF Vulnerability
SS-2015-016: XSS in install.php
SS-2015-015: XSS in dev/build returnURL Parameter
SS-2015-014: Vulnerability on "isDev", "isTest" and "flush" $_GET validation
SS-2015-013: X-Forwarded-Host request hostname injection
SS-2015-012: External redirection risk in Security?ReturnURL
SS-2015-011: Potential SQL Injection Vulnerability
SS-2015-010: XSS in Director::force_redirect()
SS-2015-009: XSS In rewritten hash links
SS-2015-008: SiteTree Creation Permission Vulnerability
SS-2015-007: XSS In FormAction
SS-2015-006: XSS In GridField print
SS-2015-005: VirtualPage XSS
SS-2015-004: TreeDropdownField and TreeMultiSelectField XSS
SS-2015-003: History XSS Vulnerability
SS-2015-001: Debug information exposed
SS-2014-018
SS-2014-017: XML Quadratic Blowup Attack
SS-2014-016
SS-2014-015: IE requests not properly behaving with rewritehashlinks
SS-2014-014
SS-2014-013
SS-2014-012
SS-2014-011
SS-2014-009
SS-2014-008
SS-2014-007
SS-2014-006
SS-2014-005
SS-2014-004
SS-2014-003
SS-2014-002
SS-2014-001
SS-2013-001: Require ADMIN for ?flush=1
SS-2013-002: SQL injection in Versioned.php
Undefined or empty `$allowed_actions` overrides parent definitions
Information exposure through web access on YAML configuration files
Information exposure through web access on composer files
Require ADMIN permissions for ?showtemplate=1
Stored XSS in the "New Group" dialog, XSS in CMS status messages
Older releases
SS-2013-003: Privilege escalation through Group hierarchy setting
SS-2013-004: Privilege escalation through Group and Member CSV upload
SS-2013-005: Privilege escalation with APPLY_ROLES
SS-2013-006: Information disclosure in Versioned.php
SS-2013-007: XSS in CMS "Security" section
SS-2013-008: XSS in form validation errors
SS-2013-009: XSS in CMS "Pages" section
Release Archive
Changelog
Version Control
About the release process
Demo
Company
Products
Services
Web development
Agile Consulting
Code Reviews
Training
Our work
About
Our Team
We're Hiring
Open Source
Agile
History
Awards
Blog
Partners
Contact
Platform
Features
Deployment
Security
Pricing
Code Care
Agencies
Technical
Enquire
Login
Site Menu
SilverStripe
Open Source
Software
Community
Learn
Blog
Download
Demo
Company
Products
Services
Our work
About
Blog
Partners
Contact
Platform
Features
Pricing
Code Care
Agencies
Technical
Enquire
Login
Add-ons
Themes
Vendors
Authors
Tags
Submit
Modules and Themes
Search for
Search Add-ons
Add-on type
Modules and themes
Modules
Themes
Compatible SilverStripe versions
4.0
3.7
3.6
3.5
3.4
3.3
3.2
3.1
3.0
2.4
Sort by
Best match
Name
Most downloaded
Average downloads per day
Newest
There are no add-ons to display.
