Lucene search

[email protected]CVE-2013-7078

HistoryJan 19, 2014 - 6:55 p.m.

CVE-2013-7078

2014-01-1918:55:05

CWE-79

[email protected]

web.nvd.nist.gov

typo3

extbase framework

xss

vulnerability

remote attack

web script

html

error message

cve-2013-7078

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

7.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.9%

JSON

Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.

Affected configurations

NVD

Node

typo3typo3Match6.0

typo3typo3Match6.0.1

typo3typo3Match6.0.2

typo3typo3Match6.0.3

typo3typo3Match6.0.4

typo3typo3Match6.0.5

typo3typo3Match6.0.6

typo3typo3Match6.0.7

typo3typo3Match6.0.8

typo3typo3Match6.0.9

typo3typo3Match6.0.10

typo3typo3Match6.0.11

Node

typo3typo3Match6.1

typo3typo3Match6.1.1

typo3typo3Match6.1.2

typo3typo3Match6.1.3

typo3typo3Match6.1.4

typo3typo3Match6.1.5

typo3typo3Match6.1.6

Node

typo3typo3Match4.7

typo3typo3Match4.7.0

typo3typo3Match4.7.1

typo3typo3Match4.7.2

typo3typo3Match4.7.3

typo3typo3Match4.7.4

typo3typo3Match4.7.5

typo3typo3Match4.7.6

typo3typo3Match4.7.7

typo3typo3Match4.7.8

typo3typo3Match4.7.9

typo3typo3Match4.7.10

typo3typo3Match4.7.11

typo3typo3Match4.7.12

typo3typo3Match4.7.13

typo3typo3Match4.7.14

typo3typo3Match4.7.15

typo3typo3Match4.7.16

Node

typo3typo3Match4.5

typo3typo3Match4.5.0

typo3typo3Match4.5.1

typo3typo3Match4.5.2

typo3typo3Match4.5.3

typo3typo3Match4.5.4

typo3typo3Match4.5.5

typo3typo3Match4.5.6

typo3typo3Match4.5.7

typo3typo3Match4.5.8

typo3typo3Match4.5.9

typo3typo3Match4.5.10

typo3typo3Match4.5.11

typo3typo3Match4.5.12

typo3typo3Match4.5.13

typo3typo3Match4.5.14

typo3typo3Match4.5.15

typo3typo3Match4.5.16

typo3typo3Match4.5.17

typo3typo3Match4.5.18

typo3typo3Match4.5.19

typo3typo3Match4.5.20

typo3typo3Match4.5.21

typo3typo3Match4.5.22

typo3typo3Match4.5.23

typo3typo3Match4.5.24

typo3typo3Match4.5.25

typo3typo3Match4.5.26

typo3typo3Match4.5.27

typo3typo3Match4.5.28

typo3typo3Match4.5.29

typo3typo3Match4.5.30

typo3typo3Match4.5.31

CPENameOperatorVersion
typo3:typo3typo3eq6.0
typo3:typo3typo3eq6.0.1
typo3:typo3typo3eq6.0.2
typo3:typo3typo3eq6.0.3
typo3:typo3typo3eq6.0.4
typo3:typo3typo3eq6.0.5
typo3:typo3typo3eq6.0.6
typo3:typo3typo3eq6.0.7
typo3:typo3typo3eq6.0.8
typo3:typo3typo3eq6.0.9

CPE	Name	Operator	Version
typo3:typo3	typo3	eq	6.0
typo3:typo3	typo3	eq	6.0.1
typo3:typo3	typo3	eq	6.0.2
typo3:typo3	typo3	eq	6.0.3
typo3:typo3	typo3	eq	6.0.4
typo3:typo3	typo3	eq	6.0.5
typo3:typo3	typo3	eq	6.0.6
typo3:typo3	typo3	eq	6.0.7
typo3:typo3	typo3	eq	6.0.8
typo3:typo3	typo3	eq	6.0.9