Cross Site Scripting Vulnerability in Craft CMS by Craft
CVE-2022-37248

5.4MEDIUM

Key Information:

Vendor: Craftcms
Status: Craft Cms
Vendor: CVE Published:; 16 September 2022

What is CVE-2022-37248?

Craft CMS version 4.2.0.1 has a vulnerability that allows attackers to exploit Cross Site Scripting (XSS) through the src/helpers/Cp.php file. This type of vulnerability can enable an attacker to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized access or data theft. It is crucial for users to apply necessary patches or updates to safeguard their applications against such security threats.

References

https://github.com/craftcms/cms/commit/cedeba0609e4b173cd...

x_refsource_MISC

https://labs.integrity.pt/advisories/cve-2022-37248/

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2022
Vulnerability Reserved
Aug 1, 2022

Craftcms

What is CVE-2022-37248?

References

CVSS V3.1

Timeline