Cross-Site Scripting in SilverStripe Framework, Assets, and Asset Admin
CVE-2022-38724

5.4 MEDIUM

Key Information:

Vendor
CVE Published: 23 November 2022

What is CVE-2022-38724?

The SilverStripe Framework, along with its Assets and Asset Admin modules, contains a cross-site scripting (XSS) vulnerability that allows malicious actors to execute unauthorized scripts within web pages viewed by users. This can lead to a range of attacks, from data theft to session hijacking, and particularly affects users who interact with compromised forms or content. Web administrators should apply the necessary updates to mitigate the risks associated with this vulnerability.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
