Lucene search

FreeBSD67516177-88EC-11E1-9A10-0023AE8E59F0

HistoryApr 17, 2012 - 12:00 a.m.

typo -- Cross-Site Scripting

2012-04-1700:00:00

vuxml.freebsd.org

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.0%

JSON

Typo Security Team reports:

Failing to properly encode the output, the default TYPO3
Exception Handler is susceptible to Cross-Site Scripting. We
are not aware of a possibility to exploit this vulnerability
without third party extensions being installed that put user
input in exception messages. However, it has come to our
attention that extensions using the extbase MVC framework can
be used to exploit this vulnerability if these extensions
accept objects in controller actions.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchtypo3= 4.6.0UNKNOWN
FreeBSDanynoarchtypo3<= 4.6.7UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	typo3	= 4.6.0	UNKNOWN
FreeBSD	any	noarch	typo3	<= 4.6.7	UNKNOWN

References

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.0%

JSON

Related for 67516177-88EC-11E1-9A10-0023AE8E59F0