CVE-2022-37429 Stored XSS using HTMLEditor
- Medium (?)
- Versions Affected:
- silverstripe/framework: ^4.0.0, ^3.0.0
- Versions Fixed:
- silverstripe/framework: 4.11.13
- Release Date:
href attribute of a link by splitting a
An attacker must have access to the CMS to exploit this issue.
Most projects should be able to apply the patch without further work. There's no legitimate use case for this behaviour.
Regression testing should focus on link creations within HTML editor fields.
Base CVSS: 4.6
Reported by: TF1T via huntr.dev