CVE-2022-37430
https://notcve.org/view.php?id=CVE-2022-37430
Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). El framework Silverstripe hasta la versión 4.11 permite la vulnerabilidad XSS a través del atributo href de un enlace (problema 2 de 2). • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-37430 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-37421
https://notcve.org/view.php?id=CVE-2022-37421
Silverstripe silverstripe/cms through 4.11.0 allows XSS. El cms de Silverstripe hasta 4.11.0 permite XSS. • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-37421 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-37429
https://notcve.org/view.php?id=CVE-2022-37429
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. El framework Silverstripe hasta la versión 4.11 permite XSS (problema 1 de 2) a través del payload de JavaScript al atributo href de un enlace al dividir una URL de JavaScript con caracteres de espacio en blanco. • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-37429 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-38145
https://notcve.org/view.php?id=CVE-2022-38145
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view. El framework Silverstripe hasta la versión 4.11 permite XSS (problema 1 de 3) a través de atacantes remotos que agreguen un payload de Javascript a la meta descripción de una página y la ejecute en la vista de comparación del historial de versiones. • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-38145 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-38147
https://notcve.org/view.php?id=CVE-2022-38147
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). El framework Silverstripe hasta 4.11 permite XSS (problema 3 de 3). • https://forum.silverstripe.org/c/releases https://www.silverstripe.org/blog/tag/release https://www.silverstripe.org/download/security-releases https://www.silverstripe.org/download/security-releases/CVE-2022-38147 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •