Lucene search
Veracode Vulnerability DatabaseVERACODE:38206HistoryNov 23, 2022 - 10:37 a.m.
Cross-Site Scripting (XSS)
2022-11-2310:37:41
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
silverstripe
cross-site scripting
vendor.js
outdated jquery
__proto__ query string parameter
EPSS
0.001
Percentile
43.9%
silverstripe/admin is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in vendor.js due to an outdated jquery which allows an attacker to inject and execute arbitrary javascript using a specially crafted proto query string parameter.
References
forum.silverstripe.org/c/releases
github.com/advisories/GHSA-44xv-v98g-v79f
github.com/silverstripe/silverstripe-admin/commit/e27f35538e3978d357a96ad3cf7052a005642247
github.com/silverstripe/silverstripe-admin/pull/1392
www.silverstripe.org/blog/tag/release
www.silverstripe.org/download/security-releases/
www.silverstripe.org/download/security-releases/CVE-2022-38146
Related
friendsofphp
friendsofphp
CVE-2022-38146 - URL XSS vulnerability due to outdated jquery in CMS
2021-11-21 00:00:00
github
github
URL XSS vulnerability due to outdated jquery in CMS
2022-11-21 23:57:46
osv
osv
CVE-2022-38146
2022-11-21 16:15:13
URL XSS vulnerability due to outdated jquery in CMS
2022-11-21 23:57:46
cvelist
cvelist
CVE-2022-38146
2022-11-21 00:00:00
cve
cve
CVE-2022-38146
2022-11-21 16:15:13
prion
prion
Design/Logic Flaw
2022-11-21 16:15:00
nvd
nvd
CVE-2022-38146
2022-11-21 16:15:13
cnvd
cnvd
Silverstripe framework cross-site scripting vulnerability
2022-11-23 00:00:00