GHSA-wxvf-839f-jqmh
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wxvf-839f-jqmh
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-wxvf-839f-jqmh/GHSA-wxvf-839f-jqmh.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wxvf-839f-jqmh
- Aliases
- Published
- 2022-09-17T00:00:36Z
- Modified
- 2024-02-16T08:23:36.812247Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Craft CMS Cross site Scripting vulnerability
- Details
-
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via
src/helpers/Cp.php. - Database specific
{ "nvd_published_at": "2022-09-16T16:15:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-09-20T21:32:03Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-37248
- https://github.com/craftcms/cms/commit/cedeba0609e4b173cd584dae7f33c5f713f19627
- https://github.com/craftcms/cms
- https://github.com/craftcms/cms/blob/3.7.55.1/src/helpers/Cp.php
- https://github.com/craftcms/cms/blob/4.0.0-RC1/src/helpers/Cp.php
- https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#421---2022-08-09
- https://labs.integrity.pt/advisories/cve-2022-37248
Affected packages
Packagist / craftcms/cms
Package
- Name
- craftcms/cms
- Purl
- pkg:composer/craftcms/cms