CVE-2022-38147
Published 2022-11-23
Priority: P4 · Severity: medium, CVSS 3.1 base score 5.4
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.52% (40.0th percentile)
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| silverstripe | assets | >= 1.0.0 < 1.11.1 | 1.11.1 |
| silverstripe | framework | >= 1.0.0 < 1.11.1 | 1.11.1 |
OSV (2022-11-21): CVE-2022-38147 [MEDIUM] XSS via uploaded gpx file
A malicious content author could upload a GPX file with a JavaScript payload. The payload could then be executed by luring a legitimate user to view the file in a browser with support for GPX files. GPX is an XML-based format used to store GPS data.
By default, Silverstripe CMS will no longer allow GPX files to be uploaded to the assets area.
GHSA (2022-11-21): CVE-2022-38147 [MEDIUM] CWE-79 XSS via uploaded gpx file
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- https://forum.silverstripe.org/c/releases
- https://www.silverstripe.org/blog/tag/release
- https://www.silverstripe.org/download/security-releases/
- https://www.silverstripe.org/download/security-releases/CVE-2022-38147