CVE-2022-37251
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Craft CMS vulnerable to Cross-site Scripting via entry revisions and drafts
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | craftcms/cms | >=3.7.0-beta.1,<3.7.55.2 | 3.7.55.2 |
| Packagist | craftcms/cms | >=4.0.0-RC1,<4.2.1 | 4.2.1 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-37251
- https://github.com/craftcms/cms/commit/7139213dbd9e177a3528aac8e2db8de91830f118
- https://github.com/craftcms/cms/commit/919c9074ff8596bf30a629b0888c529793e9a903
- https://github.com/craftcms/cms/commit/f0d9b8a1e3ac005a2418f7d3d9059b49a96e73ea
- https://github.com/craftcms/cms
- https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#421---2022-08-09
- https://labs.integrity.pt/advisories/cve-2022-37251
- http://craft.com
Verify integrity in audit chain (admin only). AS-IS.