exploitDog

CVE-2022-37246

Опубликовано: 21 сент. 2022

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label.

Ссылки

https://github.com/craftcms/cms/commit/1d5fdba23c84d6d09a8a980c7b6fc52fb93b679b
Patch
Third Party Advisory
https://labs.integrity.pt/advisories/cve-2022-37246/
Patch
Third Party Advisory
https://github.com/craftcms/cms/commit/1d5fdba23c84d6d09a8a980c7b6fc52fb93b679b
Patch
Third Party Advisory
https://labs.integrity.pt/advisories/cve-2022-37246/
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:craftcms:craft_cms:4.2.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00307

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-f546-v666-559x

CVSS3: 5.4

github

больше 3 лет назад

Craft CMS Cross-site Scripting vulnerability

EPSS

Процентиль: 53%

0.00307

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79