Package details: pkg:composer/craftcms/cms@4.2.0%2B1
purl pkg:composer/craftcms/cms@4.2.0%2B1
Tags Ghost
Next non-vulnerable version 4.17.12
Latest non-vulnerable version 5.9.18
Risk 3.1
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-27cr-w1um-d3e5
Aliases:
CVE-2022-37248
GHSA-wxvf-839f-jqmh
Craft CMS Cross site Scripting vulnerability Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via `src/helpers/Cp.php`.
4.2.0.2
Affected by 58 other vulnerabilities.
4.2.0+2
Affected by 0 other vulnerabilities.
4.2.1
Affected by 58 other vulnerabilities.
VCID-6gwq-1fda-xkcj
Aliases:
CVE-2022-37246
GHSA-f546-v666-559x
Craft CMS Cross-site Scripting vulnerability Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js, specifically on the line `label: elementInfo.label`.
4.2.0.2
Affected by 58 other vulnerabilities.
4.2.0+2
Affected by 0 other vulnerabilities.
4.2.1
Affected by 58 other vulnerabilities.
VCID-6h71-zkte-v3ev
Aliases:
CVE-2022-37250
GHSA-8r89-x93x-mjq2
Craft CMS Stored Cross-site Scripting in User Addresses Title Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in `/admin/myaccount`.
4.2.0.2
Affected by 58 other vulnerabilities.
4.2.0+2
Affected by 0 other vulnerabilities.
4.2.1
Affected by 58 other vulnerabilities.
VCID-91sx-dk5s-dycz
Aliases:
CVE-2022-37247
GHSA-3cvm-7wrh-qrf9
Craft CMS vulnerable to stored Cross-site Scripting via /admin/settings/fields page Craft CMS 4.2.0.1 is vulnerable to stored cross-site scripting (XSS) via the /admin/settings/fields page.
4.2.0.2
Affected by 58 other vulnerabilities.
4.2.0+2
Affected by 0 other vulnerabilities.
4.2.1
Affected by 58 other vulnerabilities.
VCID-van9-c9qy-5bh5
Aliases:
CVE-2022-37251
GHSA-mw37-wx8p-gp45
Craft CMS vulnerable to Cross-site Scripting via entry revisions and drafts Craft CMS `3.70-RC1`–`3.7.55.1` and `4.0.0-RC1`–`4.2.0.1` are vulnerable to Cross Site Scripting (XSS) via entry revisions and drafts. Versions `3.7.55.2` and `4.2.1` contain patches for this issue.
4.2.0.2
Affected by 58 other vulnerabilities.
4.2.0+2
Affected by 0 other vulnerabilities.
4.2.1
Affected by 58 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-05T17:12:12.254661+00:00 GitLab Importer Affected by VCID-6gwq-1fda-xkcj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/craftcms/cms/CVE-2022-37246.yml 38.6.0
2026-06-05T17:12:06.661606+00:00 GitLab Importer Affected by VCID-van9-c9qy-5bh5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/craftcms/cms/CVE-2022-37251.yml 38.6.0
2026-06-05T17:12:02.241089+00:00 GitLab Importer Affected by VCID-6h71-zkte-v3ev https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/craftcms/cms/CVE-2022-37250.yml 38.6.0
2026-06-05T17:11:55.186561+00:00 GitLab Importer Affected by VCID-27cr-w1um-d3e5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/craftcms/cms/CVE-2022-37248.yml 38.6.0
2026-06-05T17:11:51.669186+00:00 GitLab Importer Affected by VCID-91sx-dk5s-dycz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/craftcms/cms/CVE-2022-37247.yml 38.6.0