Cross Site Scripting Vulnerability in Craft CMS by Pixel & Tonic
CVE-2022-37251

5.4MEDIUM

Key Information:

Vendor

Craftcms

Status
Craft Cms
Vendor
CVE Published:
16 September 2022

What is CVE-2022-37251?

Craft CMS version 4.2.0.1 is susceptible to a Cross Site Scripting (XSS) vulnerability, which allows attackers to inject malicious scripts into the application via drafts, compromising user interactions and potentially leading to data exposure.

References

http://craft.com
x_refsource_MISC
https://labs.integrity.pt/advisories/cve-2022-37251/
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.