First published: Mon Jun 27 2022(Updated: )
CVE-2022-28803: Stored XSS in link tags added via XHR
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/silverstripe/framework | >=4.0.0<4.10.9 | |
Silverstripe silverstripe | <4.10.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-28803
Stored XSS in link tags added via XHR
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).
SilverStripe Framework versions 4.0.0 up to 4.10.9 and Silverstripe CMS.
The severity keyword is medium, and the severity value is 5.4.
The CWE ID for this vulnerability is CWE-79.
You can find more information about this vulnerability on the SilverStripe website.