PT-2022-23890 · Craft Cms · Craft Cms

Gil Correia · Published 2022-09-21 · Updated 2022-09-22 · CVE-2022-37246

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Craft CMS version 4.2.0.1
Description: The issue is a Cross-Site Scripting (XSS) vulnerability in the file src/web/assets/cp/src/js/BaseElementSelectInput.js, specifically on the line "label: elementInfo.label". This indicates that the element label is rendered without adequate handling of user-controlled input, allowing malicious scripts to be injected into the website.
Recommendations: For Craft CMS version 4.2.0.1, consider disabling the BaseElementSelectInput.js file or restricting access to it until a patch is available. Additionally, avoid using the label variable in the affected API endpoint or function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
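The class of defect described above is a label value reaching markup without escaping. The following is an added illustration, not Craft CMS code and not the project's fix: a hypothetical renderLabelUnsafe that interpolates the label verbatim, beside a hardened renderLabelSafe that HTML-escapes it first, plus a small check a reviewer can run over rendered output to spot unexpected tags. The escape table, function names and sample labels are all constructed for this example.

```javascript
// Added example, not Craft CMS code: HTML-escape element labels before
// interpolating them into markup, the defensive pattern that closes the
// class of XSS described in this advisory.

// Characters that change meaning inside HTML text or attribute values.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape a string so the browser treats every character as literal text.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe rendering (hypothetical): the label is interpolated verbatim,
// which is what an unescaped `label: elementInfo.label` flowing into
// markup amounts to.
function renderLabelUnsafe(elementInfo) {
  return `<div class="label">${elementInfo.label}</div>`;
}

// Hardened rendering: the label is escaped before it reaches the markup.
function renderLabelSafe(elementInfo) {
  return `<div class="label">${escapeHtml(elementInfo.label)}</div>`;
}

// Review/test helper: does the rendered markup contain any tag other than
// the single <div> wrapper we emitted? This is a simple check for a test
// suite, not a sanitizer.
function containsUnexpectedTag(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.some((t) => !/^<\/?div\b/.test(t));
}

// Constructed sample labels, one benign and one carrying a script tag.
const SAMPLE_LABELS = [
  { label: 'News & Events' },
  { label: '<script>alert(1)</script>' },
];

// Stand-alone demonstration: the unsafe path lets the tag through,
// the safe path does not.
for (const info of SAMPLE_LABELS) {
  console.log('unsafe:', renderLabelUnsafe(info), containsUnexpectedTag(renderLabelUnsafe(info)));
  console.log('safe:  ', renderLabelSafe(info), containsUnexpectedTag(renderLabelSafe(info)));
}
```

The same escaping belongs wherever a label is written into markup; where the label is instead assigned to an element's textContent (rather than innerHTML), the browser performs the equivalent of this escaping itself.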

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-37246
GHSA-F546-V666-559X

Affected Products

Craft Cms