{"id":"CVE-2022-38724","details":"Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.","aliases":["GHSA-9cx2-hj6m-fv58"],"modified":"2026-02-18T07:28:44.125577Z","published":"2022-11-23T00:15:10.947Z","references":[{"type":"ADVISORY","url":"https://forum.silverstripe.org/c/releases"},{"type":"ADVISORY","url":"https://www.silverstripe.org/blog/tag/release"},{"type":"ADVISORY","url":"https://www.silverstripe.org/download/security-releases/"},{"type":"ADVISORY","url":"https://www.silverstripe.org/download/security-releases/CVE-2022-38724"},{"type":"FIX","url":"https://www.silverstripe.org/blog/tag/release"},{"type":"EVIDENCE","url":"https://www.silverstripe.org/download/security-releases/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/silverstripe/silverstripe-assets","events":[{"introduced":"0"},{"last_affected":"6570020cd3cc6cdb6c05bfaf1aa9a651e5f5529c"},{"introduced":"649c4ebc912d9372e1478702de33d15ef77d0356"},{"last_affected":"6570020cd3cc6cdb6c05bfaf1aa9a651e5f5529c"}]}],"versions":["1.0.0","1.0.0-rc2","1.0.0-rc3","1.0.1","1.0.1-rc1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.1.0","1.1.0-rc1","1.1.0-rc2","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.10.0","1.10.0-beta1","1.10.0-rc1","1.11.0","1.11.0-beta1","1.11.0-rc1","1.2.0","1.2.0-beta1","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.3.0","1.3.0-rc1","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.4.0","1.4.0-rc1","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.4.8","1.5.0","1.5.0-alpha1","1.5.0-rc1","1.5.0-rc2","1.5.1","1.5.3","1.6.0","1.6.0-beta1","1.6.0-rc1","1.6.1","1.7.0","1.7.0-beta1","1.7.0-rc1","1.7.1","1.8.0","1.8.0-beta1","1.8.0-rc1","1.9.0","1.9.0-alpha1","1.9.0-beta1","1.9.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-38724.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/silverstripe/silverstripe-framework","events":[{"introduced":"6d8df46b8a7e3281fbd1299c626dd7a5a9a14a83"},{"last_affected":"8e6810ff5833976bf99b31d21aa5834d93039332"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-38724.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}