First published: Sun Nov 21 2021
CVE-2022-38147 - XSS via uploaded gpx file
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/silverstripe/assets | >=1.0.0<1.11.1 | |
Silverstripe Framework | >=1.0.0<1.11.1 | |
CVE-2022-38147 is a vulnerability that allows XSS (Cross-Site Scripting) through an uploaded GPX (GPS Exchange Format) file in Silverstripe Framework.
CVE-2022-38147 has a severity rating of medium with a CVSS score of 5.4.
Silverstripe/Framework versions 1.0.0 through 1.11.1 are affected by CVE-2022-38147.
To fix CVE-2022-38147, upgrade Silverstripe/Framework to version 1.11.2 or higher.
More information about CVE-2022-38147 can be found on the Silverstripe security releases page and the Silverstripe forum.