Cross-Site Scripting Vulnerability in Silverstripe Framework by Silverstripe
CVE-2022-38146

5.4MEDIUM

Key Information:

Vendor: Silverstripe
Status: Framework
Vendor: CVE Published:; 21 November 2022

🔔 Create Silverstripe Vulnerability Alert

What is CVE-2022-38146?

The XSS vulnerability in Silverstripe's framework allows attackers to inject malicious scripts into web applications, potentially compromising the security of user data and interactions. This issue affects versions of silverstripe/framework up to and including 4.11, making it crucial for users to apply patches and security updates to safeguard their applications from exploitation.

References

https://www.silverstripe.org/download/security-releases/

https://www.silverstripe.org/blog/tag/release

https://forum.silverstripe.org/c/releases

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2022
Vulnerability Reserved
Aug 10, 2022

CVE-2022-38146 Data

JSON