Lucene search
MitreCVE-2022-38724HistoryNov 23, 2022 - 12:15 a.m.
CVE-2022-38724
2022-11-2300:15:10
CWE-79
mitre
web.nvd.nist.gov
49
7
cve-2022-38724
silverstripe
framework
assets
asset-admin
xss
security vulnerability
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.4
Confidence
High
EPSS
0.001
Percentile
34.8%
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.
Affected configurations
Node
silverstripeasset_adminRange≤1.11.0
ORsilverstripeassetsRange1.0.0–1.11.0
ORsilverstripeframeworkRange4.0.0–4.11.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| silverstripe | asset_admin | * | cpe:2.3:a:silverstripe:asset_admin:*:*:*:*:*:*:*:* |
| silverstripe | assets | * | cpe:2.3:a:silverstripe:assets:*:*:*:*:*:*:*:* |
| silverstripe | framework | * | cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:* |
References
Social References
More
Related
veracode
veracode
Cross-site Scripting (XSS)
2022-11-24 05:03:11
cvelist
cvelist
CVE-2022-38724
2022-11-22 00:00:00
friendsofphp
friendsofphp
CVE-2022-38724 - XSS in shortcodes
2021-11-21 00:00:00
CVE-2022-38724 - XSS in shortcodes
2021-11-21 00:00:00
prion
prion
Cross site scripting
2022-11-23 00:15:00
osv
osv
Silverstripe XSS in shortcodes
2022-11-21 23:58:20
CVE-2022-38724
2022-11-23 00:15:10
nvd
nvd
CVE-2022-38724
2022-11-23 00:15:10
github
github
Silverstripe XSS in shortcodes
2022-11-21 23:58:20
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.4
Confidence
High
EPSS
0.001
Percentile
34.8%
Related for CVE-2022-38724