Lucene search
HistoryNov 23, 2022 - 2:15 a.m.
CVE-2022-38145
silverstripe
framework
xss
vulnerability
versioned history compare view
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
36.6%
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page’s meta description and get it executed in the versioned history compare view.
Affected configurations
Node
silverstripeframeworkRange1.0.0–1.11.1
Related
osv
osv
Stored XSS in Compare Mode
2022-11-22 00:00:16
friendsofphp
friendsofphp
CVE-2022-38145 - Stored XSS in Compare Mode
2021-11-21 00:00:00
cve
cve
CVE-2022-38145
2022-11-23 02:15:09
prion
prion
Design/Logic Flaw
2022-11-23 02:15:00
veracode
veracode
Cross-site Scripting (XSS)
2022-11-24 06:36:22
github
github
Stored XSS in Compare Mode
2022-11-22 00:00:16
cvelist
cvelist
CVE-2022-38145
2022-11-23 00:00:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
36.6%
Related for NVD:CVE-2022-38145