Lucene search
Veracode Vulnerability DatabaseVERACODE:37246HistorySep 23, 2022 - 5:39 a.m.
Cross-Site Scripting (XSS)
2022-09-2305:39:58
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
cross-site scripting
craftcms/cms
createnewelement
baseelementselectinput.js
lack of sanitization
elementinfo attribute
malicious javascript
0.001 Low
EPSS
Percentile
19.6%
craftcms/cms is vulnerable to cross-site scripting. The vulnerability exists in the createNewElement function of BaseElementSelectInput.js due to a lack of sanitization in the elementInfo attribute, allowing an attacker to inject and execute malicious javascript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| craftcms/cms | le | 3.7.50 | |
| craftcms/cms | le | 4.2.0.2 | |
| craftcms/cms | le | 3.7.50 | |
| craftcms/cms | le | 4.2.0.2 |
Related
osv
osv
CVE-2022-37246
2022-09-21 15:15:14
Craft CMS Cross-site Scripting vulnerability
2022-09-22 00:00:28
cve
cve
CVE-2022-37246
2022-09-21 15:15:14
prion
prion
Cross site scripting
2022-09-21 15:15:00
github
github
Craft CMS Cross-site Scripting vulnerability
2022-09-22 00:00:28
nvd
nvd
CVE-2022-37246
2022-09-21 15:15:14
cvelist
cvelist
CVE-2022-37246
2022-09-21 14:14:01