Approved changes feed: RSS · Atom

cpe:2.3:a:craftcms:craft_cms:4.2.0.1:*:*:*:*:*:*:*

part: a version: 4.2.0.1 update: *

VendorCraftcms (251e238f-ce53-56ed-bc94-804b74356686)
ProductCraft Cms (a92c5963-2d04-59bc-90a5-a8f29f883095)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/craftcms/cms purl2cpe 2026-06-01 10:17:10.366993

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2022-37251 vulnerable 2026-06-08 05:47:11.805626 Details available
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.
Published: 2022-09-16T20:54:16.000Z
Updated: 2024-08-03T10:29:20.604Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-37250 vulnerable 2026-06-08 05:47:11.805139 Details available
Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.
Published: 2022-09-16T14:57:51.000Z
Updated: 2025-06-03T18:03:34.717Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-37248 vulnerable 2026-06-08 05:47:11.804422 Details available
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.
Published: 2022-09-16T15:09:46.000Z
Updated: 2024-08-03T10:29:20.735Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-37247 vulnerable 2026-06-08 05:47:11.803827 Details available
Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page.
Published: 2022-09-16T20:27:42.000Z
Updated: 2024-08-03T10:29:20.962Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-37246 vulnerable 2026-06-08 05:47:11.803219 Details available
Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label.
Published: 2022-09-21T14:14:01.000Z
Updated: 2025-05-27T18:23:15.388Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.