CVE-2022-37429 Information

Description

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.

Reference

https://www.silverstripe.org/download/security-releases/ https://www.silverstripe.org/download/security-releases/CVE-2022-37429 https://www.silverstripe.org/blog/tag/release https://forum.silverstripe.org/c/releases