CVE-2022-37246 — MEDIUM (5.4)

Vulnerability Description

Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Craftcms	Craft Cms	4.2.0.1

Related Weaknesses (CWE)

CWE-79

References

https://github.com/craftcms/cms/commit/1d5fdba23c84d6d09a8a980c7b6fc52fb93b679bPatchThird Party Advisory
https://labs.integrity.pt/advisories/cve-2022-37246/PatchThird Party Advisory
https://github.com/craftcms/cms/commit/1d5fdba23c84d6d09a8a980c7b6fc52fb93b679bPatchThird Party Advisory
https://labs.integrity.pt/advisories/cve-2022-37246/PatchThird Party Advisory

FAQ

What is CVE-2022-37246?

CVE-2022-37246 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label.

How severe is CVE-2022-37246?

CVE-2022-37246 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-37246?

Check the references section above for vendor advisories and patch information. Affected products include: Craftcms Craft Cms.