Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

CVE-2022-28803 - Stored XSS in link tags added via XHR

Medium (?)
Versions Affected:
silverstripe/framework: <=4.10.8
Versions Fixed:
silverstripe/framework: 4.10.9

XSS inside the href attribute of an HTML hyperlink can be added to website content via XHR by an authenticated CMS user.

Base CVSS: 5.4

Reported by: ranjit-git via