Stored Cross Site Scripting in Craft CMS by Pixel & Tonic
CVE-2022-37250

5.4MEDIUM

Key Information:

Vendor: Craftcms
Status: Craft Cms
Vendor: CVE Published:; 16 September 2022

What is CVE-2022-37250?

Craft CMS version 4.2.0.1 contains a vulnerability that allows an attacker to exploit Stored Cross Site Scripting (XSS) through the /admin/myaccount endpoint. This issue allows malicious scripts to be stored and executed within the context of the web application, potentially compromising user interactions and data security. It is essential for users of this product to apply remedial measures to protect their systems from unauthorized access and data breaches.

References

https://github.com/craftcms/cms/commit/cdc9cb66d0716c9552...

x_refsource_MISC

https://labs.integrity.pt/advisories/cve-2022-37250/

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 16, 2022
Vulnerability Reserved
Aug 1, 2022

Craftcms

What is CVE-2022-37250?

References

CVSS V3.1

Timeline