First published: Fri Sep 16 2022(Updated: )
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Craftcms Craft Cms | =4.2.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-37248 is medium with a severity value of 5.4.
CVE-2022-37248 affects Craft CMS 4.2.0.1 by allowing Cross-Site Scripting (XSS) attacks through the src/helpers/Cp.php file.
Yes, Craft CMS 4.2.0.1 is the only affected version.
To fix CVE-2022-37248, update Craft CMS to a version that includes the patch provided by Craft CMS. Refer to the official Craft CMS documentation for the latest updates.
You can find more information about CVE-2022-37248 on the GitHub commit and the advisory published by Integrity.