CVE-2022-38724
Published 2022-11-23
Priority: P4 25 · Severity: medium · CVSS 3.1 base score: 5.4
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.65% (46.6th percentile)
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| silverstripe | asset_admin | <= 1.11.0 | — |
| silverstripe | assets | >= 1.0.0 < 1.11.1 | 1.11.1 |
| silverstripe | assets | 1.0.0 – 1.11.0 | — |
| silverstripe | framework | >= 4.0.0 < 4.11.13 | 4.11.13 |
| silverstripe | framework | 4.0.0 – 4.11.0 | — |
OSV (2022-11-21): CVE-2022-38724 [MEDIUM] Silverstripe XSS in shortcodes
A malicious content author could add arbitrary attributes to HTML editor shortcodes, which could be used to inject a JavaScript payload on the front end of the site. The shortcode providers that ship with Silverstripe CMS have been reviewed and attribute whitelists have been implemented where appropriate to negate this risk.
GHSA (2022-11-21): CVE-2022-38724 [MEDIUM] CWE-79 Silverstripe XSS in shortcodes
A malicious content author could add arbitrary attributes to HTML editor shortcodes, which could be used to inject a JavaScript payload on the front end of the site. The shortcode providers that ship with Silverstripe CMS have been reviewed and attribute whitelists have been implemented where appropriate to negate this risk.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
https://forum.silverstripe.org/c/releases
https://www.silverstripe.org/blog/tag/release
https://www.silverstripe.org/download/security-releases/
https://www.silverstripe.org/download/security-releases/CVE-2022-38724