CVE-2022-37247
Published 2022-09-16
CVE-2022-37247: Craft CMS 4.2.0.1 is vulnerable to stored cross-site scripting (XSS) via the /admin/settings/fields page.
Priority P422 · medium · 5.4 · CVSS 3.1
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS
0.45%
35.6th percentile
Craft CMS 4.2.0.1 is vulnerable to stored cross-site scripting (XSS) via the /admin/settings/fields page.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| craftcms | cms | >= 4.0.0-RC1 < 4.2.1 | 4.2.1 |
| craftcms | craft_cms | — | — |
CVSS provenance
nvd · v3.1 · 5.4 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
vendor_redhat · 5.5 · MEDIUM
GHSA
Craft CMS vulnerable to stored Cross-site Scripting via /admin/settings/fields page
ghsa·2022-09-17
CVE-2022-37247 [MEDIUM] CWE-79 Craft CMS vulnerable to stored Cross-site Scripting via /admin/settings/fields page
Craft CMS 4.2.0.1 is vulnerable to stored cross-site scripting (XSS) via the /admin/settings/fields page.
OSV
Craft CMS vulnerable to stored Cross-site Scripting via /admin/settings/fields page
osv·2022-09-17
CVE-2022-37247 [MEDIUM] Craft CMS vulnerable to stored Cross-site Scripting via /admin/settings/fields page
Craft CMS 4.2.0.1 is vulnerable to stored cross-site scripting (XSS) via the /admin/settings/fields page.
Red Hat
kernel: md: Replace snprintf with scnprintf
vendor_redhat·2025-09-15·CVSS 5.5
CVE-2022-50299 [MEDIUM] CWE-190 kernel: md: Replace snprintf with scnprintf
In the Linux kernel, the following vulnerability has been resolved:
md: Replace snprintf with scnprintf
Current code produces a warning as shown below when total characters
in the constituent block device names plus the slashes exceeds 200.
snprintf() returns the number of characters generated from the given
input, which could cause the expression "200 - len" to wrap around
to a large positive number. Fix this by using scnprintf() instead,
which returns the actual number of characters written into the buffer.
[ 1513.267938] ------------[ cut here ]------------
[ 1513.267943] WARNING: CPU: 15 PID: 37247 at /lib/vsprintf.c:2509 vsnprintf+0x2c8/0x510
[ 1513.267944] Modules linked in:
[ 1513.267969] CPU: 15 PID: 37247 Comm: mdadm Not tainted 5.4.0-1
No detection rules found.
No public exploits indexed.
2022-09-16
Published