Vulnerability Details CVE-2022-38145
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.1%
CVSS Severity
CVSS v3 Score 5.4
References
- https://forum.silverstripe.org/c/releases
- https://www.silverstripe.org/blog/tag/release
- https://www.silverstripe.org/download/security-releases/
- https://www.silverstripe.org/download/security-releases/CVE-2022-38145
- https://forum.silverstripe.org/c/releases
- https://www.silverstripe.org/blog/tag/release
- https://www.silverstripe.org/download/security-releases/
- https://www.silverstripe.org/download/security-releases/CVE-2022-38145
Products affected by CVE-2022-38145
-
cpe:2.3:a:silverstripe:framework:*