{"id":"GHSA-3cvm-7wrh-qrf9","summary":"Craft CMS vulnerable to stored Cross-site Scripting via /admin/settings/fields page","details":"Craft CMS 4.2.0.1 is vulnerable to stored cross-site scripting (XSS) via the /admin/settings/fields page. Per the affected range in this advisory, versions from 4.0.0-RC1 up to but excluding 4.2.1 are affected, and 4.2.1 contains the fix.","aliases":["CVE-2022-37247"],"modified":"2024-02-17T05:32:09.200137Z","published":"2022-09-17T00:00:30Z","database_specific":{"github_reviewed_at":"2022-09-23T13:53:34Z","github_reviewed":true,"severity":"MODERATE","nvd_published_at":"2022-09-16T22:15:00Z","cwe_ids":["CWE-79"]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37247"},{"type":"WEB","url":"https://github.com/craftcms/cms/commit/cedeba0609e4b173cd584dae7f33c5f713f19627"},{"type":"PACKAGE","url":"https://github.com/craftcms/cms"},{"type":"WEB","url":"https://github.com/craftcms/cms/blob/3.7.55.2/src/helpers/Cp.php"},{"type":"WEB","url":"https://github.com/craftcms/cms/blob/4.0.0-RC1/src/helpers/Cp.php"},{"type":"WEB","url":"https://labs.integrity.pt/advisories/cve-2022-37247"}],"affected":[{"package":{"name":"craftcms/cms","ecosystem":"Packagist","purl":"pkg:composer/craftcms/cms"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.0.0-RC1"},{"fixed":"4.2.1"}]}],"versions":["4.0.0","4.0.0-RC1","4.0.0-RC2","4.0.0-RC3","4.0.0.1","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.5.1","4.0.5.2","4.0.6","4.1.0","4.1.0.1","4.1.0.2","4.1.1","4.1.2","4.1.3","4.1.4","4.1.4.1","4.2.0","4.2.0.1","4.2.0.2"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-3cvm-7wrh-qrf9/GHSA-3cvm-7wrh-qrf9.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}