CVE-2022-37247

Name of the Vulnerable Software and Affected Versions Craft CMS version 4.2.0.1

Description The issue is related to a stored cross-site scripting (XSS) vulnerability. This occurs via the /admin/settings/fields page, allowing potential attackers to inject malicious scripts. Cross-site scripting (XSS) is a type of security vulnerability that can be used by attackers to steal user sessions, deface websites, or redirect users to malicious sites.

Recommendations For Craft CMS version 4.2.0.1, as a temporary workaround, consider restricting access to the /admin/settings/fields page until a patch is available. Additionally, avoid using any potentially vulnerable fields in the settings page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.