CVE-2022-25238: XSS
First published: Mon Jun 27 2022(Updated: )
CVE-2022-25238: Stored XSS via HTML fields
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/silverstripe/framework | >=4.0.0<4.10.9 | |
| Silverstripe Framework | <=4.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-25238?
CVE-2022-25238 is a vulnerability found in the Silverstripe framework that allows for stored XSS attacks.
How does CVE-2022-25238 work?
CVE-2022-25238 allows an authenticated CMS user to inject malicious script tags into website content via XHR, potentially leading to XSS attacks.
Which versions of Silverstripe framework are affected by CVE-2022-25238?
Silverstripe framework versions 4.0.0 up to, but excluding, 4.10.9 are affected by CVE-2022-25238.
What is the severity of CVE-2022-25238?
CVE-2022-25238 has a severity rating of medium with a CVSS score of 5.4.
How can CVE-2022-25238 be fixed?
To fix CVE-2022-25238, it is recommended to update to Silverstripe framework version 4.10.10 or later, or ensure that the cwp-core module is installed and the sanitise_server_side config is set to true in project code.
- collector/friends-of-php
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/description
- agent/event
- agent/source
- package-manager/composer
- vendor/silverstripe
- canonical/silverstripe framework
- version/silverstripe framework/4.10.0