CVE-2022-37421
Description
Silverstripe silverstripe/cms through 4.11.0 allows XSS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Silverstripe CMS through 4.11.0 contains a cross-site scripting (XSS) vulnerability in the CMS interface, allowing attackers to inject arbitrary scripts.
Vulnerability Overview
CVE-2022-37421 is a cross-site scripting (XSS) vulnerability in Silverstripe CMS (silverstripe/cms) through version 4.11.0. The official description states only that the software allows XSS, indicating that user input is insufficiently sanitized before being rendered in the CMS interface [2]. The vulnerability lies in the CMS portion of Silverstripe, which is a web-based content management system.
Attack Vector and Prerequisites
An attacker can exploit this vulnerability by injecting malicious scripts into pages, comments, or other user-controllable fields within the CMS. The attack requires the attacker to have some level of access to the CMS (e.g., a content editor or author role), or to trick an administrator into interacting with crafted content. The vulnerability is triggered when an administrator or other user views the malicious content in the CMS backend [3].
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the victim's browser session. This can lead to session hijacking, defacement, redirection to malicious sites, or theft of sensitive information such as authentication tokens. Since the attack occurs within the CMS interface, it can compromise the integrity and confidentiality of the entire web application [2].
Mitigation
The Silverstripe development team has addressed this issue in subsequent releases. Users are advised to upgrade to Silverstripe CMS version 4.12.0 or later. Workarounds may include disabling vulnerable components or applying input sanitization patches, but upgrading is the recommended course of action [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| silverstripe/cms (Packagist) | >= 4.0.0, < 4.11.3 | 4.11.3 |
Affected products
- Silverstripe silverstripe/cms (OSV version ranges, no CPE assigned):
  - >= 3.0.0, < 4.11.3
  - >= 4.0.0, < 4.11.3
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-pp74-g2q5-j4jf (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-37421 (GHSA, advisory)
- forum.silverstripe.org/c/releases (GHSA, web)
- github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml (GHSA, web)
- www.silverstripe.org/blog/tag/release (GHSA, web)
- www.silverstripe.org/download/security-releases (GHSA, web)
- www.silverstripe.org/download/security-releases/cve-2022-37421 (GHSA, web)
- www.silverstripe.org/download/security-releases (MITRE)
- www.silverstripe.org/download/security-releases/CVE-2022-37421 (MITRE)
News mentions
No linked articles in our index yet.