CVE-2022-38145 Stored XSS in Compare Mode
- Severity: Medium
- Versions Affected:
  - silverstripe/versioned-admin: ^1.0.0
- Versions Fixed:
  - silverstripe/versioned-admin: ^1.11.1
- Release Date:
Exploiting this vulnerability requires access to the CMS. The attacker must then convince a privileged user to open the version history for the affected page.
Most projects should be able to apply the patch without further work. There's no legitimate use case for this behaviour.
Regression testing should focus on version comparison in the page history tab.
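To confirm whether a project is still on an affected release, the following added example (not part of the original advisory or of Silverstripe's own code) reads `composer.lock` content and compares the locked `silverstripe/versioned-admin` version against the ranges stated above. The function names and the sample lock content are constructed for illustration; branch aliases and pre-release versions are reported as `unknown` rather than guessed.

```python
import json
import re

PACKAGE = "silverstripe/versioned-admin"
AFFECTED_FROM = (1, 0, 0)    # lower bound of "^1.0.0" from the advisory
AFFECTED_BELOW = (2, 0, 0)   # a caret range on 1.0.0 stops before 2.0.0
FIXED_IN = (1, 11, 1)        # first fixed release from the advisory

_STABLE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def classify(version):
    """Return 'vulnerable', 'fixed', 'out-of-range' or 'unknown'."""
    match = _STABLE.match(version.strip())
    if not match:
        # Branch aliases (1.x-dev, dev-main) and pre-releases need manual review.
        return "unknown"
    parsed = tuple(int(part) for part in match.groups())
    if not (AFFECTED_FROM <= parsed < AFFECTED_BELOW):
        return "out-of-range"
    return "vulnerable" if parsed < FIXED_IN else "fixed"


def audit_lock(lock_text):
    """Classify every locked copy of the package found in composer.lock."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() == PACKAGE:
                version = pkg.get("version", "")
                findings.append((section, version, classify(version)))
    return findings


# Constructed sample: a lock file pinning a release below the fixed version.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "example/other-package", "version": "4.2.0"},
        {"name": "silverstripe/versioned-admin", "version": "1.10.2"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for section, version, status in audit_lock(SAMPLE_LOCK):
        print(f"{PACKAGE} {version} ({section}): {status}")
```

To audit a real project, pass the contents of its `composer.lock` to `audit_lock` in place of `SAMPLE_LOCK`.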
Base CVSS: 4.6
Reported by: TF1T via huntr.dev