5 matches found
CVE-2022-37429
Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 2 via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters...
CVE-2022-37429
Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 2 via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters...
CVE-2022-37429
Concrete details for CVE-2022-37429: SilverStripe framework (silverstripe/framework) versions up to and including 4.11 are affected by a cross-site scripting (XSS) vulnerability. The root cause is improper handling of user-supplied data in link href attributes, allowing a JavaScript payload to be...
CVE-2022-37429
Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 2 via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters...
CVE-2022-37429 - Stored XSS using HTMLEditor
More info at https://www.silverstripe.org/download/security-releases/cve-2022-37429...