Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Silverstripe silverstripe/cms through 4.11.0 allows XSS.
Advisories for Composer/Silverstripe/Secureassets package
2022
Business Logic Errors
Business Logic Errors in GitHub repository silverstripe/silverstripe-framework
2021
Incorrect Authorization
Default SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
SilverStripe Framework suffers from a XSS vulnerablity.