Software
CMS
Screencasts
Framework
Addons
Modules
Themes
Vendors
Authors
Tags
Submit
Supported Modules Definition
Commercially Supported Modules
Hosting
Roadmap
History
Feedback and reviews
BSD License
Community
Developer directory
Showcase
New Submission
Forums
Slack
Join us
Contribute
Designers
Community dashboard
Github All Open UX issues
Learn
Using the CMS
Developer Docs
API Docs
Lessons
Lessons (v4)
Lessons (v3)
Blog
Download
Addons
Security Releases
CVE-2019-12245: Incorrect access control vulnerability in files uploaded to protected folders
CVE-2019-12149: Potential SQL injection in restfulserver and registry modules
CVE-2019-12246: Denial of Service on flush and development URL tools
CVE-2019-12437: Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL
CVE-2019-5715: Reflected SQL Injection through Form and DataObject
SS-2018-024: GraphQL does not validate X-CSRF-TOKEN
SS-2018-020: Potential SQL vulnerability in PostgreSQL database connector
SS-2018-019: Possible denial of service attack vector when flushing
SS-2018-018: Database credentials disclosure during connection failure
SS-2018-017: Possible PHP Object Injection via Multi-Value Field Extension
SS-2018-016: Unsafe SQL Query Construction (Safe Data Source)
SS-2018-015: Vulnerable dependency
SS-2018-014: Dangerous file types in allowed upload
SS-2018-013: Passwords sent back to browsers under some circumstances
SS-2018-012: Uploaded PHP script execution in assets
SS-2018-011: SQL injection vulnerability
SS-2018-010: Member disclosure in login form
SS-2018-008: BackURL validation bypass with malformed URLs
SS-2018-007: CSRF vulnerability in graphql
SS-2018-007: GraphQL lacks CSRF
SS-2018-006: Code execution vulnerability
SS-2018-005: isDev and isTest unguarded
SS-2018-004: XSS Vulnerability via WYSIWYG editor
SS-2018-001: Privilege Escalation Risk in Member Edit form
SS-2017-010: install.php discloses sensitive data by pre-populating DB credential forms
SS-2017-009: Users inadvertently passing sensitive data to LoginAttempt
SS-2017-008: SQL injection in full text search of SilverStripe 4
SS-2017-007: CSV Excel Macro Injection
SS-2017-006: Session user agent change detection
SS-2017-005: User enumeration via timing attack on login and password reset forms
SS-2017-004: XSS in page history comparison
SS-2017-003: XSS in RedirectorPage
SS-2017-002: Member disclosure in login form
SS-2017-001: XSS In page name
SS-2016-017: SVG Uploads
SS-2016-016: XSS In CMSSecurity BackURL
SS-2016-015: XSS In OptionsetField and CheckboxSetField
SS-2016-014: Pre-existing alc_enc cookies log users in if remember me is disabled
SS-2016-013: Member.Name isn't escaped
SS-2016-012: Missing ACL on reports
SS-2016-011: ChangePasswordForm doesn't check Member::canLogIn()
SS-2016-010: ReadOnly transformation for formfields exploitable
SS-2016-008: Password encryption salt expiry
SS-2016-007: VersionedRequestFilter vulnerability
SS-2016-006: Missing CSRF protection in login form
SS-2016-005: Brute force bypass on default admin
SS-2016-004: XSS in CMS Edit Page
SS-2016-003: Hostname, IP and Protocol Spoofing through HTTP Headers
SS-2016-002: CSRF vulnerability in GridFieldAddExistingAutocompleter
SS-2016-001: XSS in CMSController BackURL
SS-2015-029: CSRF vulnerability in savetreenodes
SS-2015-028: Missing security check on dev/build/defaults
SS-2015-027: HtmlEditor embed url sanitisation
SS-2015-026: Form field validation message XSS vulnerability
SS-2015-025: Request class name exposure on error
SS-2015-024: Queued jobs serialised data exposure
SS-2015-023: Advanced workflow member field exposure
SS-2015-022: XML escape RSSFeed $link parameter
SS-2015-021: Hash rewrite URL filtering
SS-2015-020: Privilege Escalation Risk in Security Admin
SS-2015-019: Leaky draft stage risk
SS-2015-018: File upload exposure on UserForms module
SS-2015-017: Forum Module CSRF Vulnerability
SS-2015-016: XSS in install.php
SS-2015-015: XSS in dev/build returnURL Parameter
SS-2015-014: Vulnerability on "isDev", "isTest" and "flush" $_GET validation
SS-2015-013: X-Forwarded-Host request hostname injection
SS-2015-012: External redirection risk in Security?ReturnURL
SS-2015-011: Potential SQL Injection Vulnerability
SS-2015-010: XSS in Director::force_redirect()
SS-2015-009: XSS In rewritten hash links
SS-2015-008: SiteTree Creation Permission Vulnerability
SS-2015-007: XSS In FormAction
SS-2015-006: XSS In GridField print
SS-2015-005: VirtualPage XSS
SS-2015-004: TreeDropdownField and TreeMultiSelectField XSS
SS-2015-003: History XSS Vulnerability
SS-2015-001: Debug information exposed
SS-2014-018
SS-2014-017: XML Quadratic Blowup Attack
SS-2014-016
SS-2014-015: IE requests not properly behaving with rewritehashlinks
SS-2014-014
SS-2014-013
SS-2014-012
SS-2014-011
SS-2014-010
SS-2014-009
SS-2014-008
SS-2014-007
SS-2014-006
SS-2014-005
SS-2014-004
SS-2014-003
SS-2014-002
SS-2014-001
SS-2013-001: Require ADMIN for ?flush=1
SS-2013-002: SQL injection in Versioned.php
Undefined or empty `$allowed_actions` overrides parent definitions
Information exposure through web access on YAML configuration files
Information exposure through web access on composer files
Require ADMIN permissions for ?showtemplate=1
Stored XSS in the "New Group" dialog, XSS in CMS status messages
Older releases
SS-2013-003: Privilege escalation through Group hierarchy setting
SS-2013-004: Privilege escalation through Group and Member CSV upload
SS-2013-005: Privilege escalation with APPLY_ROLES
SS-2013-006: Information disclosure in Versioned.php
SS-2013-007: XSS in CMS "Security" section
SS-2013-008: XSS in form validation errors
SS-2013-009: XSS in CMS "Pages" section
CVE-2019-16409 secureassets and versionedfiles modules can expose versions of protected files
CVE-2019-14273 Broken Access control on files
CVE-2019-12617 Access escalation for CMS users with limited access through permission cache pollution
CVE-2019-12203 Session fixation in "change password" form
CVE-2019-12204 Missing warning on install.php on public webroot can lead to unauthenticated admin access
CVE-2019-14272 XSS in file titles managed through the CMS
CVE-2019-12205 Flash Clipboard Reflected XSS
Release Archive
Changelog
Release process
Try
Add-ons
Modules and Themes
hudhaifas/silverstripe-data-progress
Show the progress of the data completion.
131
hudhaifas/silverstripe-member-visits
Show the progress of the data completion.
46