CVE-2022-28803 - Stored XSS in link tags added via XHR
- Severity: Medium
- Identifier: CVE-2022-28803
- Versions Affected: silverstripe/framework: <=4.10.8
- Versions Fixed: silverstripe/framework: 4.10.9
- Release Date: 2022-06-28
XSS inside the href attribute of an HTML hyperlink can be added to website content via XHR by an authenticated CMS user.
Base CVSS: 5.4
Reported by: ranjit-git via huntr.dev