CVE-2022-37429
Published 2022-11-23
CVE-2022-37429: Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL…
Priority: P4 · 23
CVSS 3.1: 5.4 (medium), vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.47% (37.4th percentile)
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| silverstripe | framework | >= 3.0.0 < 4.11.13 | 4.11.13 |
| silverstripe | framework | >= 4.0.0 < 4.11.13 | 4.11.13 |
OSV (2022-11-21): CVE-2022-37429 [MEDIUM] Stored XSS using HTMLEditor
A malicious content author could add a JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.
An attacker must have access to the CMS to exploit this issue.
GHSA (2022-11-21): CVE-2022-37429 [MEDIUM] CWE-79 Stored XSS using HTMLEditor
A malicious content author could add a JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.
An attacker must have access to the CMS to exploit this issue.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://forum.silverstripe.org/c/releases
https://www.silverstripe.org/blog/tag/release
https://www.silverstripe.org/download/security-releases/
https://www.silverstripe.org/download/security-releases/CVE-2022-37429
Published: 2022-11-23