CVE-2022-37421

Name of the Vulnerable Software and Affected Versions Silverstripe silverstripe/cms versions 4.11.0 and earlier

Description The issue allows for XSS (Cross-Site Scripting) attacks. A malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut, and it requires CMS access to exploit.

Recommendations For versions 4.11.0 and earlier, as a temporary workaround, consider restricting access to custom meta tags until a patch is available. Restrict CMS access to minimize the risk of exploitation. Avoid using custom keyboard shortcuts in the affected CMS until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.