Title: Stored XSS in Drafts in Craft CMS
CVE ID: CVE-2022-37251
CVSSv3 Base Score: 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vendor: Craft CMS
Products: Craft CMS
Advisory Release Date: 7 Sep 2022
Advisory URL: https://labs.integrity.pt/advisories/cve-2022-37251
Credits: Discovery by Gil Correia <gil.correia[at]devoteam.com>
To exploit this vulnerability, the attacker needs to create a new Entry and then a Draft inside the freshly created Entry.
After these steps, the XSS payload must be entered as the “Draft name”. The payload is reflected in the “Apply draft” and “Save draft” functionality. There is also a third reflection on /admin/dashboard when, with the payload already created, the “My Drafts” widget is added to the dashboard.