Vulnerability Database

289,496

Total vulnerabilities in the database

CVE-2022-37246

Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label.

CVSS v3:

  • Severity: Medium
  • Score: 5.4
  • AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
craftcms / craft_cms 4.2.0.1 4.2.0.1.x
craftcms / cms 4.0.0-RC1 4.2.1
craftcms / cms 3.7.39 3.7.51