GHSA-66jf-xm2m-7m8r
- Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-66jf-xm2m-7m8r/GHSA-66jf-xm2m-7m8r.json
- Aliases
-
- CVE-2022-38145
- Published
- 2022-11-22T00:00:16Z
- Modified
- 2022-11-23T17:54:53.735051Z
- Details
-
A malicious content author could add a Javascript payload to a page's meta description and get it executed in the versioned history compare view.
This vulnerability requires access to the CMS to be deployed. The attacker must then convince a privileged user to access the version history for that page.
- References
Affected packages
Packagist / silverstripe/versioned-admin
silverstripe/versioned-admin
Affected versions
1.*
1.0.0
1.1.0
1.1.0-rc1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.10.0
1.10.0-beta1
1.10.0-rc1
1.10.1
1.11.0
1.11.0-beta1
1.11.0-rc1
1.2.0
1.2.0-rc1
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.3.0-alpha1
1.3.0-rc1
1.3.0-rc2
1.3.1
1.6.0
1.6.0-beta1
1.6.0-rc1
1.6.1
1.7.0
1.7.0-beta1
1.7.0-rc1
1.7.1
1.7.2
1.7.3
1.8.0
1.8.0-beta1
1.8.0-beta2
1.8.0-rc1
1.8.1
1.9.0
1.9.0-alpha1
1.9.0-beta1
1.9.0-rc1
1.9.1