CVE-2022-37421 Stored XSS in custom meta tags
- Low (?)
- Versions Affected:
- silverstripe/cms: ^4.0.0, ^3.0.0
- Versions Fixed:
- silverstripe/cms: 4.11.3
- Release Date:
This requires CMS access to exploit.
Most projects should be able to apply the patch without further work. There's no legitimate use case for this behaviour.
Regression testing should focus on pages with pre-existing custom meta tags, if any are present.
Base CVSS: 3.7
Reported by: TF1T via huntr.dev