CVE-2022-37247
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/craftcms/cms
Identifiers
CVE-2022-37247
Package Slug
packagist/craftcms/cms
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page.
Affected Versions
Version 4.2.0.1
Solution
Upgrade to version 4.2.0.2 or above.
Last Modified
2022-09-22
| source |