CVE-2022-37248

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/craftcms/cms

Identifiers

CVE-2022-37248

Package Slug

packagist/craftcms/cms

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.

Affected Versions

Version 4.2.0.1

Solution

Upgrade to version 4.2.0.2 or above.

Last Modified

2022-09-19

source