
CVE-2022-28803 - Stored XSS in link tags added via XHR

Severity: Medium
Identifier: CVE-2022-28803
Versions Affected: silverstripe/framework: <=4.10.8
Versions Fixed: silverstripe/framework: 4.10.9
Release Date: 2022-06-28

XSS inside the href attribute of an HTML hyperlink can be added to website content via XHR by an authenticated CMS user.

Base CVSS: 5.4

Reported by: ranjit-git via huntr.dev
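
An added example, not part of the advisory or of Silverstripe's code: upgrading stops new payloads but does not clean content that was already saved, so one way to audit is to scan exported HTML fields for `<a href>` values whose scheme is outside an allow-list. The allow-list, the record ids and the sample rows are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: schemes editors may legitimately link to; adjust to site policy.
ALLOWED_SCHEMES = {"http", "https", "mailto", "tel"}
# Browsers drop tab/CR/LF anywhere in a URL and ignore leading control
# characters and spaces, so normalise the same way before reading the scheme.
_DROPPED_ANYWHERE = str.maketrans("", "", "\t\r\n")
_LEADING_JUNK = "".join(chr(c) for c in range(0x21))
_SCHEME = re.compile(r"([A-Za-z][A-Za-z0-9+.\-]*):")

def href_scheme(href):
    """Lower-cased scheme a browser would act on, or '' for a relative URL."""
    cleaned = href.translate(_DROPPED_ANYWHERE).lstrip(_LEADING_JUNK)
    match = _SCHEME.match(cleaned)
    return match.group(1).lower() if match else ""

class AnchorAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (scheme, href) pairs outside the allow-list

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        for name, value in attrs:  # html.parser has already decoded entities
            scheme = href_scheme(value) if name == "href" and value else ""
            if scheme and scheme not in ALLOWED_SCHEMES:
                self.findings.append((scheme, value))

def audit_content(records):
    """records: iterable of (record_id, html); returns flagged links."""
    flagged = []
    for record_id, html in records:
        parser = AnchorAudit()
        parser.feed(html)
        parser.close()
        flagged += [(record_id, s, v) for s, v in parser.findings]
    return flagged

# Constructed rows standing in for exported CMS HTML content fields.
SAMPLE = [
    ("page-1", '<p><a href="https://example.com/">ok</a> <a href="/about">rel</a></p>'),
    ("page-2", '<p><a href="JavaScript:void(0)">x</a></p>'),
    ("page-3", '<p><a href=" &#106;ava&#9;script:void(0)">x</a></p>'),
    ("page-4", '<p><a href="data:text/plain,hi">x</a></p>'),
]
if __name__ == "__main__":
    for row in audit_content(SAMPLE):
        print(row)
```

The scan covers only the href-scheme case the advisory names; relative links and allow-listed schemes pass through unflagged.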