CVE-2022-37251 - Stored XSS in Drafts in Craft CMS

1. Vulnerability Properties

Title: Stored XSS in Drafts in Craft CMS
CVE ID: CVE-2022-37251
CVSSv3 Base Score: 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vendor: Craft CMS
Products: Craft CMS
Advisory Release Date: 7 Sep 2022
Advisory URL: https://labs.integrity.pt/advisories/cve-2022-37251
Credits: Discovery by Gil Correia <gil.correia[at]devoteam.com>

2. Vulnerability Summary

To exploit this vulnerability, the attacker needs to create a new Entry and then a Draft inside the freshly created Entry.
After these steps, the XSS payload needs to be introduced in the “Draft name”. The reflection occurs in the “Apply draft” and in the “Save draft” functionality. There is also a third reflection on /admin/dashboard when the “My Drafts” Widget is added to the dashboard after the payload has been created.

3. Vulnerable Versions

  • 4.2.0.1

4. Solution

  • Update to version 4.2.1 or higher
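
Added example (not part of the original advisory or of Craft CMS): a Python check that reads the locked craftcms/cms version from a project's composer.lock and compares it with the versions named in sections 3 and 4. The status labels and the sample lock content are constructed for illustration.

```python
import json
import re

LISTED_VULNERABLE = (4, 2, 0, 1)   # from the advisory's "Vulnerable Versions"
FIXED_IN = (4, 2, 1, 0)            # from the advisory's "Solution" (4.2.1)


def parse_version(text):
    """Turn '4.2.0.1' or 'v4.2.1' into a 4-tuple; None for dev/branch versions."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+){0,3})", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def craft_version_from_lock(lock_text):
    """Return the locked craftcms/cms version string, or None if absent."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name") == "craftcms/cms":
                return pkg.get("version")
    return None


def classify(version_text):
    """Map a version string to a status relative to CVE-2022-37251."""
    if version_text is None:
        return "not-installed"
    v = parse_version(version_text)
    if v is None:
        return "unknown"          # e.g. 'dev-main': check the commit by hand
    if v == LISTED_VULNERABLE:
        return "vulnerable"
    if v >= FIXED_IN:
        return "fixed"
    return "below-fix-unlisted"   # older than 4.2.1 but not named in the advisory


# Constructed sample composer.lock content (not from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "yiisoft/yii2", "version": "2.0.45"},
        {"name": "craftcms/cms", "version": "4.2.0.1"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    found = craft_version_from_lock(SAMPLE_LOCK)
    print(found, "->", classify(found))
```

The advisory lists only 4.2.0.1 as vulnerable, so releases older than 4.2.1 that it does not name are reported separately rather than assumed affected.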

5. Vulnerability Timeline

  • 01/08/22 - Vulnerability reported to Craft CMS via their report page.
  • 01/08/22 - Vulnerability verified by vendor.
  • 01/08/22 - Vulnerability fixed by vendor.
  • 07/09/22 - Advisory released.

6. References

  • https://github.com/craftcms/cms/commit/919c9074ff8596bf30a629b0888c529793e9a903


© 2022 Integrity Part of Devoteam. All rights reserved.