First published: Sun Nov 21 2021 (Updated: )
CVE-2022-37429 - Stored XSS using HTMLEditor
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/silverstripe/framework | >=4.0.0 <4.11.13 | |
| Silverstripe Framework | >=3.0.0 <4.11.13 | |
CVE-2022-37429 is a stored cross-site scripting (XSS) vulnerability in the HTMLEditor of the Silverstripe framework: the injected markup is saved with the content and runs for every user who later views it.
An attacker with access to the editor can inject a JavaScript URL into the href attribute of a link, splitting the URL with whitespace characters so that the editor's sanitiser does not recognise it as a javascript: URL while the browser still executes it.
CVE-2022-37429 has a medium severity rating with a CVSS score of 5.4.
Silverstripe framework versions from 4.0.0 up to but not including 4.11.13, and from 3.0.0 up to but not including 4.11.13, are affected by CVE-2022-37429.
To fix CVE-2022-37429, upgrade to Silverstripe framework 4.11.13 or later.
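As an added illustration (not code from this page or from Silverstripe), the following Python shows why a raw-string check on an href misses a scheme split with whitespace, and the normalisation a sanitiser has to apply before allow-listing the scheme. The HTML fragment, the scheme allow-list and all function names are constructed for this example.

```python
import re
from html.parser import HTMLParser
from typing import List, Optional

# A browser's URL parser (WHATWG URL Standard) strips leading and trailing C0
# controls and spaces, then deletes every ASCII tab, LF and CR anywhere in the
# input, before it reads the scheme. A sanitiser must normalise the same way.
_TAB_NL = re.compile(r"[\t\n\r]")
_SCHEME = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.\-]*):")
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))
SAFE_SCHEMES = {"http", "https", "mailto", "tel"}  # constructed allow-list

def naive_href_is_safe(href: str) -> bool:
    """Raw-string check of the kind that whitespace splitting defeats."""
    return not href.lower().startswith("javascript:")

def browser_scheme(href: str) -> Optional[str]:
    """Scheme the browser will act on, or None for a relative URL."""
    cleaned = _TAB_NL.sub("", href).strip(_C0_AND_SPACE)
    match = _SCHEME.match(cleaned)
    return match.group(1).lower() if match else None

def hardened_href_is_safe(href: str) -> bool:
    """Allow-list the normalised scheme; relative URLs have none and pass."""
    scheme = browser_scheme(href)
    return scheme is None or scheme in SAFE_SCHEMES

class _LinkCollector(HTMLParser):
    """Collects href values; html.parser decodes entities such as &#9; for us."""
    def __init__(self) -> None:
        super().__init__()
        self.hrefs: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v is not None)

def unsafe_hrefs(fragment: str) -> List[str]:
    """Every href in the fragment whose effective scheme is not allow-listed."""
    collector = _LinkCollector()
    collector.feed(fragment)
    return [h for h in collector.hrefs if not hardened_href_is_safe(h)]

# Constructed sample content, as an HTMLEditor field might store it.
SAMPLE = (
    '<p><a href="https://example.com/page">fine</a> '
    '<a href="/relative/path">also fine</a> '
    '<a href="java&#9;script:document.title">scheme split by an encoded tab</a> '
    '<a href=" JAVASCRIPT:document.title">leading space, upper case</a></p>'
)
```

Running `unsafe_hrefs(SAMPLE)` returns the two split or padded javascript: links, which `naive_href_is_safe` would have accepted.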