Headline
CVE-2022-37248: More XSS vulnerabilities · craftcms/cms@cedeba0
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.
@@ -1620,7 +1620,7 @@ private static function _fldTabHtml(FieldLayoutTab $tab, bool $customizable): st $customizable ? ‘draggable’ : null, ]), ]) . Html::tag('span’, $tab->name) . Html::tag('span’, Html::encode($tab->name)) . ($customizable ? Html::a('’, null, [ ‘role’ => 'button’, @@ -1722,7 +1722,7 @@ private static function _fldFieldSelectorsHtml(string $groupName, array $groupFi ]), ‘data’ => [‘name’ => mb_strtolower($groupName)], ]) . Html::tag('h6’, $groupName) . Html::tag('h6’, Html::encode($groupName)) . implode('’, array_map(fn(BaseField $field) => self::_fldElementSelectorHtml($field, true, [ ‘class’ => array_filter([ $fieldLayout->isFieldIncluded($field->attribute()) ? ‘hidden’ : null,
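Review bot: In the first hunk (`_fldTabHtml`, around line 1620), the encoded `span` content has no regression test alongside it. A test that renders a tab whose name contains markup such as `<b>` and asserts that the output contains `&lt;b&gt;` would pin this down. The change also shows that content passed to `Html::tag()` is emitted as given, so the remaining `Html::tag(` and `Html::a(` calls in `Cp.php` that take model-derived strings deserve the same check rather than being fixed one report at a time.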
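Review bot: In the second hunk (`_fldFieldSelectorsHtml`, around line 1722), `$groupName` reaches the output a second time through `'data' => ['name' => mb_strtolower($groupName)]`, just above the changed `h6` line, and that use is untouched. Please confirm that the tag helper encodes attribute values, and say so in the commit message or a comment, since only the `h6` content is explicitly wrapped in `Html::encode()` here. A test with a group name containing a double quote and angle brackets would cover both the attribute and the heading.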
Related news
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.
Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.