{"id":"CVE-2022-37251","details":"Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.","aliases":["GHSA-mw37-wx8p-gp45"],"modified":"2026-04-10T04:49:50.714637Z","published":"2022-09-16T22:15:12.057Z","references":[{"type":"WEB","url":"http://craft.com"},{"type":"ADVISORY","url":"https://labs.integrity.pt/advisories/cve-2022-37251/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/craftcms/cms","events":[{"introduced":"0"},{"last_affected":"be5dc3ab57c66c80a950556d9eaddcfb194ae0df"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.2.0.1"}]}}],"versions":["0.9.2063","0.9.2064","0.9.2065","0.9.2068","0.9.2071","0.9.2078","0.9.2079","0.9.2080","0.9.2081","0.9.2083","0.9.2090","0.9.2094","0.9.2100","0.9.2101","0.9.2102","0.9.2103","0.9.2106","0.9.2116","0.9.2117","0.9.2123","0.9.2124","0.9.2146","0.9.2151","0.9.2157","0.9.2167","0.9.2168","0.9.2177","0.9.2181","0.9.2184","0.9.2189","0.9.2193","0.9.2243","0.9.2246","1.0.0-alpha.2236","1.0.0-alpha.2237","1.0.0-alpha.2238","1.0.0-alpha.2241","1.0.0-alpha.2242","1.0.0-alpha.2244","1.0.0-alpha.2245","1.0.0-alpha.2247","1.0.0-alpha.2248","1.0.0-alpha.2249","1.0.2266","1.1.0-alpha.2283","1.1.0-alpha.2284","1.1.0-alpha.2285","1.1.0-alpha.2288","1.1.2291","1.2.0-alpha.2310","1.2.0-alpha.2312","1.2.0-alpha.2318","1.2.0-alpha.2319","1.2.0-alpha.2322","1.2.0-alpha.2328","1.2.0-alpha.2329","1.2.2333","1.2.2335","1.2.2336","1.2.2339","1.4.0-alpha.2488","1.4.0-alpha.2489","1.4.0-alpha.2490","1.4.0-alpha.2491","1.4.0-alpha.2492","1.4.0-alpha.2493","1.4.0-alpha.2497","1.4.0-alpha.2498","1.4.0-alpha.2499","1.4.0-alpha.2500","1.4.0-alpha.2502","1.4.0-alpha.2503","1.4.0-alpha.2505","1.4.0-alpha.2509","2.0.2524","2.0.2525","2.0.2527","2.0.2532","2.0.2533","2.0.2535","2.0.2536","2.0.2537","2.0.2538","2.0.2539","2.1.0-alpha.2546","2.1.0-alpha.2547","2.1.0-alpha.2552","2.1.2554","2.1.2555","2.1.2556","2.1.2557","2.2.0-alpha.2578","2.2.2579","2.2.2581","2.3.0-alpha.2600","2.3.0-alpha.2602","2.3.0-alpha.2603","2.3.0-alpha.2605","2.3.0-alpha.2606","2.3.0-alpha.2608","2.3.0-alpha.2610","2.3.0-alpha.2612","2.3.2615","2.3.2616","2.3.2617","3.0.0-RC10.1","3.0.0-alpha.2671","3.0.0-alpha.2681","3.0.0-alpha.2687","3.0.0-alpha.2915","3.0.0-alpha.2918","3.0.0-alpha.2928","3.0.0-alpha.2933","3.0.0-alpha.2937","3.0.0-alpha.2939","3.0.0-alpha.2942","3.0.0-alpha.2948","3.0.26","3.0.26.1","3.0.27","3.0.27.1","3.0.28","3.0.29","3.0.30","3.0.30.1","3.0.30.2","3.0.31","3.0.32","3.0.33","3.0.34","3.0.35","3.0.36","3.0.37","3.1.1","3.1.10","3.1.11","3.1.12","3.1.13","3.1.14","3.1.15","3.1.16","3.1.17","3.1.17.1","3.1.17.2","3.1.18","3.1.19","3.1.2","3.1.2.1","3.1.2.2","3.1.20","3.1.20.1","3.1.21","3.1.21.1","3.1.22","3.1.23","3.1.24","3.1.25","3.1.26","3.1.27","3.1.28","3.1.29","3.1.3","3.1.30","3.1.31","3.1.32","3.1.32.1","3.1.33","3.1.34","3.1.4","3.1.5","3.1.6","3.1.6.1","3.1.7","3.1.8","3.1.9","3.1.9.1","3.2.0","3.2.1","3.2.10","3.2.2","3.2.3","3.2.4","3.2.4.1","3.2.5","3.2.5.1","3.2.6","3.2.7","3.2.8","3.2.9","3.3.0","3.3.0.1","3.3.1","3.3.1.1","3.3.1.2","3.3.10","3.3.11","3.3.12","3.3.13","3.3.14","3.3.15","3.3.16","3.3.16.1","3.3.16.2","3.3.16.3","3.3.17","3.3.18","3.3.18.1","3.3.18.2","3.3.18.3","3.3.18.4","3.3.19","3.3.2","3.3.20","3.3.20.1","3.3.3","3.3.4","3.3.4.1","3.3.5","3.3.6","3.3.7","3.3.8","3.3.9","3.4.0","3.4.0.1","3.4.0.2","3.4.1","3.4.10","3.4.10.1","3.4.11","3.4.12","3.4.13","3.4.14","3.4.15","3.4.16","3.4.17","3.4.17.1","3.4.18","3.4.19","3.4.19.1","3.4.2","3.4.20","3.4.21","3.4.22","3.4.22.1","3.4.23","3.4.24","3.4.25","3.4.26","3.4.27","3.4.28","3.4.28.1","3.4.29","3.4.29.1","3.4.3","3.4.30","3.4.4","3.4.4.1","3.4.5","3.4.6","3.4.6.1","3.4.7","3.4.7.1","3.4.8","3.4.9","3.5.0","3.5.1","3.5.10","3.5.10.1","3.5.11","3.5.11.1","3.5.12","3.5.12.1","3.5.13","3.5.13.1","3.5.13.2","3.5.14","3.5.15","3.5.15.1","3.5.16","3.5.17","3.5.17.1","3.5.18","3.5.19","3.5.2","3.5.3","3.5.4","3.5.5","3.5.6","3.5.7","3.5.8","3.5.9","3.6.0","3.6.0.1","3.6.1","3.6.10","3.6.11","3.6.11.1","3.6.11.2","3.6.12","3.6.12.1","3.6.13","3.6.14","3.6.15","3.6.16","3.6.17","3.6.18","3.6.2","3.6.3","3.6.4","3.6.4.1","3.6.5","3.6.5.1","3.6.6","3.6.7","3.6.8","3.6.9","3.7.0","3.7.1","3.7.10","3.7.11","3.7.12","3.7.13","3.7.14","3.7.15","3.7.16","3.7.17","3.7.17.1","3.7.17.2","3.7.18","3.7.18.1","3.7.18.2","3.7.19","3.7.19.1","3.7.2","3.7.20","3.7.21","3.7.22","3.7.23","3.7.24","3.7.25","3.7.25.1","3.7.26","3.7.27","3.7.27.1","3.7.28","3.7.29","3.7.3","3.7.3.1","3.7.3.2","3.7.30","3.7.30.1","3.7.31","3.7.32","3.7.34","3.7.35","3.7.36","3.7.37","3.7.38","3.7.39","3.7.4","3.7.40","3.7.40.1","3.7.5","3.7.6","3.7.7","3.7.8","3.7.9","4.0.0","4.0.0.1","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.5.1","4.0.5.2","4.0.6","4.1.0","4.1.0.1","4.1.0.2","4.1.1","4.1.2","4.1.3","4.1.4","4.1.4.1","4.2.0","4.2.0.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37251.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}