GHSA-66jf-xm2m-7m8r

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-66jf-xm2m-7m8r/GHSA-66jf-xm2m-7m8r.json
Aliases
  • CVE-2022-38145
Published
2022-11-22T00:00:16Z
Modified
2022-11-23T17:54:53.735051Z
Details

A malicious content author could add a Javascript payload to a page's meta description and get it executed in the versioned history compare view.

This vulnerability requires access to the CMS to be deployed. The attacker must then convince a privileged user to access the version history for that page.

References

Affected packages

Packagist / silverstripe/versioned-admin

silverstripe/versioned-admin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
1.11.1

Affected versions

1.*

1.0.0
1.1.0
1.1.0-rc1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.10.0
1.10.0-beta1
1.10.0-rc1
1.10.1
1.11.0
1.11.0-beta1
1.11.0-rc1
1.2.0
1.2.0-rc1
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.3.0-alpha1
1.3.0-rc1
1.3.0-rc2
1.3.1
1.6.0
1.6.0-beta1
1.6.0-rc1
1.6.1
1.7.0
1.7.0-beta1
1.7.0-rc1
1.7.1
1.7.2
1.7.3
1.8.0
1.8.0-beta1
1.8.0-beta2
1.8.0-rc1
1.8.1
1.9.0
1.9.0-alpha1
1.9.0-beta1
1.9.0-rc1
1.9.1