Lucene search
HistoryJul 01, 2013 - 9:55 p.m.
CVE-2012-6148
cve-2012-6148
cross-site scripting
xss
typo3
security vulnerability
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
38.2%
Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
Affected configurations
Node
typo3typo3Match4.5
ORtypo3typo3Match4.5.0
ORtypo3typo3Match4.5.1
ORtypo3typo3Match4.5.2
ORtypo3typo3Match4.5.3
ORtypo3typo3Match4.5.4
ORtypo3typo3Match4.5.5
ORtypo3typo3Match4.5.6
ORtypo3typo3Match4.5.7
ORtypo3typo3Match4.5.8
ORtypo3typo3Match4.5.9
ORtypo3typo3Match4.5.10
ORtypo3typo3Match4.5.11
ORtypo3typo3Match4.5.12
ORtypo3typo3Match4.5.13
ORtypo3typo3Match4.5.14
ORtypo3typo3Match4.5.15
ORtypo3typo3Match4.5.16
ORtypo3typo3Match4.5.17
ORtypo3typo3Match4.5.18
ORtypo3typo3Match4.5.19
ORtypo3typo3Match4.5.20
Node
typo3typo3Match4.6
ORtypo3typo3Match4.6.0
ORtypo3typo3Match4.6.1
ORtypo3typo3Match4.6.2
ORtypo3typo3Match4.6.3
ORtypo3typo3Match4.6.4
ORtypo3typo3Match4.6.5
ORtypo3typo3Match4.6.6
ORtypo3typo3Match4.6.7
ORtypo3typo3Match4.6.8
ORtypo3typo3Match4.6.9
ORtypo3typo3Match4.6.10
ORtypo3typo3Match4.6.11
ORtypo3typo3Match4.6.12
ORtypo3typo3Match4.6.13
Node
typo3typo3Match4.7
ORtypo3typo3Match4.7.0
ORtypo3typo3Match4.7.1
ORtypo3typo3Match4.7.2
ORtypo3typo3Match4.7.3
ORtypo3typo3Match4.7.4
ORtypo3typo3Match4.7.5
Related
prion
prion
Cross site scripting
2013-07-01 21:55:00
cvelist
cvelist
CVE-2012-6148
2013-07-01 21:00:00
osv
osv
Typo3 Function Menu API XSS Vulnerability
2022-05-17 01:37:41
github
github
Typo3 Function Menu API XSS Vulnerability
2022-05-17 01:37:41
nvd
nvd
CVE-2012-6148
2013-07-01 21:55:01
typo3
typo3
Several Vulnerabilities in TYPO3 Core
2012-11-08 00:00:00
openvas
openvas
TYPO3 Multiple Vulnerabilities (Nov 2012)
2014-01-03 00:00:00
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
38.2%
Related for CVE-2012-6148