Steve Boyd

3 exploits, active since Jun 2022
CVE-2022-29858 WRITEUP MEDIUM
Silverstripe Assets < 1.10.1 - Authentication Bypass
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
CVSS 4.3
CVE-2025-25197 WRITEUP MEDIUM
Silverstripe Elemental < 5.3.12 - XSS
Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability is specific to that report and is a result of failure to cast input prior to including it in the grid field. This vulnerability is fixed in 5.3.12.
CVSS 5.4
CVE-2025-30148 WRITEUP MEDIUM
Silverstripe Framework < 5.3.23 - XSS
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, a bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitized on the client side, but server-side sanitization doesn't catch it. The server-side sanitization logic has been updated to sanitize against this attack. This vulnerability is fixed in 5.3.23.
CVSS 5.4