Skip to main content

Framework

27 CVEs product

Monthly

CVE-2025-30148 PHP MEDIUM PATCH This Month

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Framework
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-27515 PHP MEDIUM PATCH This Month

Laravel is a web application framework. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Framework Laravel
NVD GitHub
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-53277 PHP MEDIUM PATCH This Month

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Framework
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2024-52301 PHP HIGH PATCH This Week

Laravel is a web application framework. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Framework Debian Linux
NVD GitHub
CVSS 4.0
8.7
EPSS
38.0%
CVE-2024-9443 MEDIUM PATCH This Month

The Basticom Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.0 due to insufficient input sanitization and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Framework
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-32981 PHP MEDIUM PATCH This Month

Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Framework
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-4337 HIGH This Week

Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/nav/add, in multiple parameters. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Framework
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-4336 HIGH This Week

Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/tables/add, in multiple parameters. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Framework
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2023-22729 PHP MEDIUM PATCH This Month

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Framework
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-22728 PHP MEDIUM PATCH This Month

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Framework
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-4414 MEDIUM PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Framework
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4413 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Framework
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38147 PHP MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Framework
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-38145 PHP MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Framework
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-37430 PHP MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Framework
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37429 PHP MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Framework
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-38724 PHP MEDIUM POC PATCH This Month

Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Asset Admin Assets Framework
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-38462 PHP MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Framework
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38148 PHP HIGH PATCH This Week

Silverstripe silverstripe/framework through 4.11 allows SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Framework
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-38146 PHP MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Framework
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-25238 PHP MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Framework
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-43808 PHP MEDIUM POC PATCH This Month

Laravel is a web application framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Framework
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-43617 CRITICAL POC PATCH THREAT Act Now

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Debian PHP File Upload Framework
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
19.8%
CVE-2020-7991 HIGH POC This Week

Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Framework
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-7990 MEDIUM POC This Month

Adive Framework 2.0.8 has admin/user/add userName XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Framework
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-7989 MEDIUM POC This Month

Adive Framework 2.0.8 has admin/user/add userUsername XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Framework
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-14987 MEDIUM This Month

Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Framework
NVD
CVSS 3.0
4.8
EPSS
0.6%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Framework
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Laravel is a web application framework. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Framework Laravel
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Framework
NVD GitHub
EPSS 38% CVSS 8.7
HIGH PATCH This Week

Laravel is a web application framework. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Framework +1
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Basticom Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.0 due to insufficient input sanitization and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Framework
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Framework
NVD GitHub
EPSS 0% CVSS 7.4
HIGH This Week

Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/nav/add, in multiple parameters. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Framework
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/tables/add, in multiple parameters. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Framework
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Framework
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Framework
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Framework
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Framework
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Framework
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Framework
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Framework
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Framework
NVD
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Asset Admin Assets +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Framework
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Silverstripe silverstripe/framework through 4.11 allows SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Framework
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Framework
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Framework
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Laravel is a web application framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Framework
NVD GitHub
EPSS 20% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Debian PHP File Upload +1
NVD GitHub Exploit-DB
EPSS 3% CVSS 8.8
HIGH POC This Week

Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Framework
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Adive Framework 2.0.8 has admin/user/add userName XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Framework
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Adive Framework 2.0.8 has admin/user/add userUsername XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Framework
NVD GitHub Exploit-DB
EPSS 1% CVSS 4.8
MEDIUM This Month

Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Framework
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy