GHSA-66jf-xm2m-7m8r
- Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-66jf-xm2m-7m8r/GHSA-66jf-xm2m-7m8r.json
- Aliases
-
- CVE-2022-38145
- Published
- 2022-11-22T00:00:16Z
- Modified
- 2023-04-11T01:33:53.989276Z
- Details
-
A malicious content author could add a Javascript payload to a page's meta description and get it executed in the versioned history compare view.
This vulnerability requires access to the CMS to be deployed. The attacker must then convince a privileged user to access the version history for that page.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-38145
- https://forum.silverstripe.org/c/releases
- https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/versioned-admin/CVE-2022-38145.yaml
- https://www.silverstripe.org/blog/tag/release
- https://www.silverstripe.org/download/security-releases/
- https://www.silverstripe.org/download/security-releases/cve-2022-38145
Affected packages
Packagist / silverstripe/versioned-admin
Source Details
- Package Name
- silverstripe/versioned-admin
Affected versions
1.*
1.0.0
1.1.0-rc1
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.2.0-rc1
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0-alpha1
1.3.0-rc1
1.3.0-rc2
1.3.0
1.3.1
1.6.0-beta1
1.6.0-rc1
1.6.0
1.6.1
1.7.0-beta1
1.7.0-rc1
1.7.0
1.7.1
1.7.2
1.7.3
1.8.0-beta1
1.8.0-beta2
1.8.0-rc1
1.8.0
1.8.1
1.9.0-alpha1
1.9.0-beta1
1.9.0-rc1
1.9.0
1.9.1
1.10.0-beta1
1.10.0-rc1
1.10.0
1.10.1
1.11.0-beta1
1.11.0-rc1
1.11.0