First published: Sun Nov 21 2021
CVE-2022-37430 - Stored XSS using uppercase characters in HTMLEditor
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/silverstripe/framework | >=4.0.0 <4.11.13 | |
Silverstripe Framework | >=3.0.0 <4.11.13 | |
CVE-2022-37430 is a vulnerability in the Silverstripe framework that allows for a stored cross-site scripting (XSS) attack.
CVE-2022-37430 works by allowing an attacker to inject malicious scripts or HTML code into the href attribute of a link.
The severity level of CVE-2022-37430 is medium, with a severity score of 5.4.
Silverstripe framework versions from 4.0.0 up to and excluding 4.11.13 are affected by CVE-2022-37430.
To fix CVE-2022-37430, it is recommended to upgrade to a version of Silverstripe framework that is above 4.11.13.