Moderate severityNVD Advisory· Published Sep 16, 2022· Updated Jun 3, 2025
CVE-2022-37250
CVE-2022-37250
Description
Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
craftcms/cmsPackagist | >= 4.0.0-RC1, < 4.2.1 | 4.2.1 |
Affected products
2Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- github.com/advisories/GHSA-8r89-x93x-mjq2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-37250ghsaADVISORY
- github.com/craftcms/cms/blob/3.7.55.1/src/helpers/Cp.phpghsaWEB
- github.com/craftcms/cms/blob/4.0.0-RC1/src/helpers/Cp.phpghsaWEB
- github.com/craftcms/cms/blob/develop/CHANGELOG.mdghsaWEB
- github.com/craftcms/cms/commit/cdc9cb66d0716c9552e4113c8e426fd1a31f9516ghsax_refsource_MISCWEB
- labs.integrity.pt/advisories/cve-2022-37250ghsaWEB
- labs.integrity.pt/advisories/cve-2022-37250/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.