Headline

CVE-2022-37246: Fixed an XSS vulnerability · craftcms/cms@1d5fdba

Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label.

2 years ago

CVE

Open in Source

#xss #vulnerability #web #js

@@ -471,7 +471,7 @@ Craft.BaseElementSelectInput = Garnish.Base.extend(

createNewElement: function (elementInfo) {

var $element = elementInfo.$element.clone();

var removeText = Craft.t('app’, 'Remove {label}’, {

label: elementInfo.label,

label: Craft.escapeHtml(elementInfo.label),

});

// Make a couple tweaks

Craft.setElementSize(

Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line `label: elementInfo.label`.

2 years ago

ghsa

Open in Source

#xss #vulnerability #web #js #git

CVE-2022-37251: CVE-2022-37251 - Stored XSS in Drafts in Craft CMS

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.

2 years ago

CVE

Open in Source

#xss #vulnerability #web #ios #android #apple #git

CVE-2022-37250: CVE-2022-37250 - Stored XSS in User Addresses Title in Craft CMS

Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.