Lucene search
Veracode Vulnerability DatabaseVERACODE:38223HistoryNov 24, 2022 - 6:36 a.m.
Cross-site Scripting (XSS)
2022-11-2406:36:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
silverstripe
versioned-admin
xss
difffield.php
value() function
injection
malicious javascript
EPSS
0.001
Percentile
36.6%
silverstripe/versioned-admin is vulnerable to cross-site scripting.The vulnerability exists in the Value() function of DiffField.php due to non-html fields in diff which allows an attacker to inject and execute malicious JavaScript via compare mode.
References
forum.silverstripe.org/c/releases
github.com/advisories/GHSA-66jf-xm2m-7m8r
github.com/silverstripe/silverstripe-versioned-admin/commit/aef67c5b91f6e597cb502d8d7c999d483cc481f7
github.com/silverstripe/silverstripe-versioned-admin/pull/264
www.silverstripe.org/blog/tag/release
www.silverstripe.org/download/security-releases/
www.silverstripe.org/download/security-releases/CVE-2022-38145
Related
osv
osv
Stored XSS in Compare Mode
2022-11-22 00:00:16
friendsofphp
friendsofphp
CVE-2022-38145 - Stored XSS in Compare Mode
2021-11-21 00:00:00
cve
cve
CVE-2022-38145
2022-11-23 02:15:09
cvelist
cvelist
CVE-2022-38145
2022-11-23 00:00:00
nvd
nvd
CVE-2022-38145
2022-11-23 02:15:09
prion
prion
Design/Logic Flaw
2022-11-23 02:15:00
github
github
Stored XSS in Compare Mode
2022-11-22 00:00:16