Lucene search
HistoryNov 22, 2022 - 1:15 p.m.
CVE-2022-38462
cve-2022-38462
silverstripe
framework
xss
vulnerability
url
dev/build
security/login
nvd
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
35.7%
Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request.
Affected configurations
Node
silverstripeframeworkRange<4.11.13
ORsilverstripeframeworkRange3.0.0–3.7.7
| CPE | Name | Operator | Version |
|---|---|---|---|
| silverstripe:framework | silverstripe framework | lt | 4.11.13 |
| silverstripe:framework | silverstripe framework | le | 3.7.7 |
References
Social References
More
Related
osv
osv
CVE-2022-38462
2022-11-22 13:15:12
Reflected XSS in querystring parameters
2022-11-21 23:59:56
prion
prion
Design/Logic Flaw
2022-11-22 13:15:00
github
github
Reflected XSS in querystring parameters
2022-11-21 23:59:56
cnvd
cnvd
SilverStripe Cross-Site Scripting Vulnerability
2022-11-24 00:00:00
friendsofphp
friendsofphp
CVE-2022-38462 - Reflected XSS in querystring parameters
2021-11-21 00:00:00
nvd
nvd
CVE-2022-38462
2022-11-22 13:15:12
cvelist
cvelist
CVE-2022-38462
2022-11-22 00:00:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
35.7%
Related for CVE-2022-38462