Stored Cross-Site Scripting Vulnerability in Craft CMS by Craft
CVE-2022-37247

5.4MEDIUM

Key Information:

Vendor: Craftcms
Status: Craft Cms
Vendor: CVE Published:; 16 September 2022

What is CVE-2022-37247?

Craft CMS 4.2.0.1 contains a vulnerability that allows for stored cross-site scripting (XSS) attacks via the /admin/settings/fields page. This flaw can be exploited by attackers to inject malicious scripts that can be executed in the context of a user's browser, leading to potential data theft or unauthorized actions. It is crucial for users of this version to implement necessary security measures to mitigate risks associated with this vulnerability.

References

https://github.com/craftcms/cms/commit/cedeba0609e4b173cd...

x_refsource_MISC

https://labs.integrity.pt/advisories/cve-2022-37247/

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2022
Vulnerability Reserved
Aug 1, 2022

Craftcms

What is CVE-2022-37247?

References

CVSS V3.1

Timeline