Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:37 p.m.13 views

CVE-2022-28803

In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest XHR...

5.4CVSS5.8AI score0.00513EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/11/21 11:59 p.m.50 views

Stored XSS using uppercase characters in HTMLEditor

A malicious content author could add a Javascript payload to the href attribute of a link. A similar issue was identified and fixed via CVE-2022-28803. However, the fix didn't account for the casing of the href attribute. An attacker must have access to the CMS to exploit this issue...

5.4CVSS5.4AI score0.00516EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/11/21 11:59 p.m.42 views

GHSA-QW4W-VQ8V-2WCV Stored XSS using uppercase characters in HTMLEditor

A malicious content author could add a Javascript payload to the href attribute of a link. A similar issue was identified and fixed via CVE-2022-28803. However, the fix didn't account for the casing of the href attribute. An attacker must have access to the CMS to exploit this issue...

5.4CVSS5.2AI score0.00516EPSS
Exploits0References6
CVE
CVE
added 2022/06/29 12:50 a.m.88 views

CVE-2022-28803

CVE-2022-28803 concerns the SilverStripe Framework (through 2022-04-07) where a Stored XSS vulnerability can occur in javascript link tags added via XMLHttpRequest (XHR). The issue is triggered by content added to the page that includes a javascript: link tag, enabling script execution in the con...

5.4CVSS5AI score0.00513EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/06/29 12:50 a.m.29 views

CVE-2022-28803

In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest XHR...

5.3AI score0.00513EPSS
Exploits0References2
Friends Of PHP
Friends Of PHP
added 2022/06/27 5:27 a.m.25 views

CVE-2022-28803: Stored XSS in link tags added via XHR

More info at https://www.silverstripe.org/download/security-releases/cve-2022-28803...

5.4CVSS7.2AI score0.00513EPSS
Exploits0Affected Software1
Rows per page
Query Builder