Lucene search

[email protected]CVE-2020-8091

HistoryJan 27, 2020 - 10:15 p.m.

CVE-2020-8091

2020-01-2722:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cve-2020-8091

typo3

elts

xss

remote attacker

security vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

57.8%

JSON

svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.

Affected configurations

NVD

Node

typo3typo3Range6.2–6.2.39elts

typo3typo3Range7.0.0–7.1.0

CPENameOperatorVersion
typo3:typo3typo3lt6.2.39
typo3:typo3typo3le7.1.0

CPE	Name	Operator	Version
typo3:typo3	typo3	lt	6.2.39
typo3:typo3	typo3	le	7.1.0

References

typo3.org/security/advisory/typo3-psa-2019-003/

www.purplemet.com/blog/typo3-xss-vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

57.8%

JSON

Related for CVE-2020-8091

openvas1 github1 osv2 cvelist1 attackerkb1 prion1 typo31 nvd1