CVE-2022-37246
Published 2022-09-21
CVE-2022-37246: Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label…
Priority P423 · medium · 5.4 · CVSS 3.1
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.39%
31.0th percentile
Craft CMS 4.2.0.1 is affected by Cross-Site Scripting (XSS) in the file `src/web/assets/cp/src/js/BaseElementSelectInput.js`, specifically on the line `label: elementInfo.label`.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| craftcms | cms | >= 3.7.39 < 3.7.51 | 3.7.51 |
| craftcms | cms | >= 4.0.0-RC1 < 4.2.1 | 4.2.1 |
| craftcms | craft_cms | — | — |
GHSA
Craft CMS Cross-site Scripting vulnerability
ghsa·2022-09-22
CVE-2022-37246 [MEDIUM] CWE-79 Craft CMS Cross-site Scripting vulnerability
Craft CMS 4.2.0.1 is affected by Cross-Site Scripting (XSS) in the file `src/web/assets/cp/src/js/BaseElementSelectInput.js`, specifically on the line `label: elementInfo.label`.
OSV
Craft CMS Cross-site Scripting vulnerability
osv·2022-09-22
CVE-2022-37246 [MEDIUM] Craft CMS Cross-site Scripting vulnerability
Craft CMS 4.2.0.1 is affected by Cross-Site Scripting (XSS) in the file `src/web/assets/cp/src/js/BaseElementSelectInput.js`, specifically on the line `label: elementInfo.label`.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-09-21
Published