Lucene search
K

7 matches found

NVD
NVD
added 2022/11/23 2:15 a.m.27 views

CVE-2022-38145

Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 3 via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view...

5.4CVSS0.00595EPSS
Exploits0References4
OSV
OSV
added 2022/11/23 2:15 a.m.5 views

CVE-2022-38145

Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 3 via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view...

5.4CVSS5.8AI score0.00595EPSS
Exploits0References4
Prion
Prion
added 2022/11/23 2:15 a.m.16 views

Design/Logic Flaw

Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 3 via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view...

4.9CVSS5.2AI score0.00595EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/11/23 12:0 a.m.28 views

CVE-2022-38145

Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 3 via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view...

5.5AI score0.00595EPSS
Exploits0References4
CVE
CVE
added 2022/11/23 12:0 a.m.78 views

CVE-2022-38145

CVE-2022-38145 concerns stored XSS in SilverStripe’s versioned admin/compare view. Multiple connected sources describe that an attacker with CMS access can inject a Javascript payload by placing it in a page’s meta description, which then executes when viewing the version history compare. The mos...

5.4CVSS5.2AI score0.00595EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/11/22 12:0 a.m.16 views

GHSA-66JF-XM2M-7M8R Stored XSS in Compare Mode

A malicious content author could add a Javascript payload to a page's meta description and get it executed in the versioned history compare view. This vulnerability requires access to the CMS to be deployed. The attacker must then convince a privileged user to access the version history for that...

5.4CVSS5.2AI score0.00595EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/11/22 12:0 a.m.8 views

PT-2022-24237 · Silverstripe · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions through 4.11 Description: The issue allows remote attackers to execute a Javascript payload in the versioned history compare view by adding it to a page's meta description. This can be done by a...

5.4CVSS5.5AI score0.00595EPSS
Exploits0References9
Rows per page
Query Builder