Search...

CVE-2016-4056

2017-01-23T21:59:00

ID CVE-2016-4056
Type cve
Reporter cve@mitre.org
Modified 2017-01-24T21:13:00

Description

Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark.

JSON Vulners Source

Initial Source

{"id": "CVE-2016-4056", "bulletinFamily": "NVD", "title": "CVE-2016-4056", "description": "Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark.", "published": "2017-01-23T21:59:00", "modified": "2017-01-24T21:13:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4056", "reporter": "cve@mitre.org", "references": ["http://www.openwall.com/lists/oss-security/2016/04/21/1", "https://labs.integrity.pt/advisories/cve-pending-stored-cross-site-scripting-in-typo3-bookmarks/", "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/"], "cvelist": ["CVE-2016-4056"], "type": "cve", "lastseen": "2020-10-03T12:10:45", "edition": 3, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310807828"]}, {"type": "typo3", "idList": ["TYPO3-CORE-SA-2016-006"]}], "modified": "2020-10-03T12:10:45", "rev": 2}, "score": {"value": 3.6, "vector": "NONE", "modified": "2020-10-03T12:10:45", "rev": 2}, "vulnersScore": 3.6}, "cpe": ["cpe:/a:typo3:typo3:6.2.4", "cpe:/a:typo3:typo3:6.2.13", "cpe:/a:typo3:typo3:6.2.5", "cpe:/a:typo3:typo3:6.2.3", "cpe:/a:typo3:typo3:6.2.7", "cpe:/a:typo3:typo3:6.2.15", "cpe:/a:typo3:typo3:6.2.18", "cpe:/a:typo3:typo3:6.2.6", "cpe:/a:typo3:typo3:6.2.11", "cpe:/a:typo3:typo3:6.2.9", "cpe:/a:typo3:typo3:6.2.14", "cpe:/a:typo3:typo3:6.2.10", "cpe:/a:typo3:typo3:6.2.16", "cpe:/a:typo3:typo3:6.2.17", "cpe:/a:typo3:typo3:6.2.12", "cpe:/a:typo3:typo3:6.2.0", "cpe:/a:typo3:typo3:6.2.1", "cpe:/a:typo3:typo3:6.2.8", "cpe:/a:typo3:typo3:6.2", "cpe:/a:typo3:typo3:6.2.2"], "affectedSoftware": [{"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.4"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.6"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.3"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.12"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.7"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.0"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.0"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.0"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.0"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.0"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.0"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.0"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.0"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.0"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.0"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.0"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.0"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.17"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.14"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.13"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.18"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.10"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.10"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.15"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.8"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.16"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.11"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.5"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.2"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.1"}, {"cpeName": "typo3:typo3", "name": "typo3", "operator": "eq", "version": "6.2.9"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": ["cpe:2.3:a:typo3:typo3:6.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.10:rc1:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.0:rc2:*:*:*:*:*:*"], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.0:beta7:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.18:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.0:alpha3:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.11:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.0:beta5:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.4:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.7:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.5:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.6:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.16:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.17:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.0:alpha1:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.9:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.0:beta4:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.0:rc1:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.13:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.12:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.14:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.10:rc1:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.0:alpha2:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.8:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.0:rc2:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.0:beta6:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.15:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.10:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}

{"openvas": [{"lastseen": "2019-07-25T12:17:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4056"], "description": "This host is installed with TYPO3 and\n is prone to cross site scripting vulnerability.", "modified": "2019-07-24T00:00:00", "published": "2016-05-20T00:00:00", "id": "OPENVAS:1361412562310807828", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807828", "type": "openvas", "title": "TYPO3 Bookmark Toolbar Cross-Site Scripting Vulnerability May16 (SA-2016-006)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# TYPO3 Bookmark Toolbar Cross-Site Scripting Vulnerability May16 (SA-2016-006)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:typo3:typo3\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807828\");\n script_version(\"2019-07-24T08:39:52+0000\");\n script_cve_id(\"CVE-2016-4056\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-24 08:39:52 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-05-20 18:03:53 +0530 (Fri, 20 May 2016)\");\n script_name(\"TYPO3 Bookmark Toolbar Cross-Site Scripting Vulnerability May16 (SA-2016-006)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with TYPO3 and\n is prone to cross site scripting vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an error in\n the bookmark toolbar which fails to properly encode incoming data.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to execute arbitrary script code in a user's browser session\n within the trust relationship between their browser and the server.\");\n\n script_tag(name:\"affected\", value:\"TYPO3 versions 6.2.0 through 6.2.18\");\n\n script_tag(name:\"solution\", value:\"Upgrade to TYPO3 version 6.2.19 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_typo3_detect.nasl\");\n script_mandatory_keys(\"TYPO3/installed\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!typoPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!typoVer = get_app_version(cpe:CPE, port:typoPort)){\n exit(0);\n}\n\nif(typoVer !~ \"[0-9]+\\.[0-9]+\\.[0-9]+\") exit(0); # Version is not exact enough\n\nif(typoVer =~ \"^6\\.2\")\n{\n if(version_in_range(version:typoVer, test_version:\"6.2.0\", test_version2:\"6.2.18\"))\n {\n report = report_fixed_ver(installed_version:typoVer, fixed_version:\"6.2.19\");\n security_message(port:typoPort, data:report);\n exit(0);\n }\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}