CVE-2022-30429
Last modified
CVE-2022-30429 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also be present in all intermediate versions.. EPSS estimates a 0.56% chance of exploitation in the next 30 days.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also be present in all intermediate versions.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Neos | Neos Cms | >= 3.3.0, < 5.3.10 |
| Neos | Neos Cms | >= 7.0.0, < 7.0.9 |
| Neos | Neos Cms | >= 7.1.0, < 7.1.7 |
| Neos | Neos Cms | >= 7.2.0, < 7.2.6 |
| Neos | Neos Cms | >= 7.3.0, < 7.3.4 |
| Neos | Neos Cms | >= 8.0.0, < 8.0.2 |
References
- https://it-sec.de/unbekannte-schwachstellen-in-neos-cms/Exploit, Third Party Advisory
- https://www.neos.io/blog/xss-in-various-backend-modules.htmlVendor Advisory
- https://it-sec.de/unbekannte-schwachstellen-in-neos-cms/Exploit, Third Party Advisory
- https://www.neos.io/blog/xss-in-various-backend-modules.htmlVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-30429?
How severe is CVE-2022-30429?
How do I fix CVE-2022-30429?
Are you affected by CVE-2022-30429?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST