Miggo Logo
Miggo Vulnerability Database
CVE-2022-37421

CVE-2022-37421: Silverstipe CMS Stored XSS in custom meta tags

5.4

CVSS Score
3.1

Basic Information

CVE ID
CVE-2022-37421
GHSA ID
GHSA-pp74-g2q5-j4jf
EPSS Score
0.49128%
CWE
CWE-79
Published
11/21/2022
Updated
9/20/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
silverstripe/cmscomposer>= 4.0.0, < 4.11.34.11.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The analysis is based on the understanding of XSS vulnerabilities and the information provided about the Silverstripe CMS vulnerability. Without direct access to the patch or specific function names, we can infer that functions related to handling custom meta tags are likely involved.

Vulnerable functions

The vulnerability involves improper handling of custom meta tags, potentially allowing XSS. Functions involved in processing or rendering these tags are likely vulnerable.
WAF Protection Rules
WAF Rule
* m*li*ious *ont*nt *ut*or *oul* *r**t* * *ustom m*t* t** *n* *x**ut* *n *r*itr*ry J*v*S*ript p*ylo**. T*is woul* r*quir* *onvin*in* * l**itim*t* us*r to ****ss * p*** *n* *nt*r * *ustom k*y*o*r* s*ort*ut.
T*is r*quir*s *MS ****ss to *xploit.
Reasoning
T** *n*lysis is **s** on t** un**rst*n*in* o* XSS vuln*r**iliti*s *n* t** in*orm*tion provi*** **out t** Silv*rstrip* *MS vuln*r**ility. Wit*out *ir**t ****ss to t** p*t** or sp**i*i* *un*tion n*m*s, w* **n in**r t**t *un*tions r*l*t** to **n*lin* *u