typo3 -- multiple vulnerabilities

2023-07-2500:00:00

vuxml.freebsd.org

typo3

multiple vulnerabilities

bypassing xss protection

information disclosure

ckeditor4 plugin

html sanitizer

out-of-scope site resolution

unix

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.6%

JSON

TYPO3 reports:

TYPO3-CORE-SA-2023-002: By-passing Cross-Site Scripting Protection in HTML Sanitizer
TYPO3-CORE-SA-2023-003: Information Disclosure due to Out-of-scope Site Resolution
TYPO3-CORE-SA-2023-004: Cross-Site Scripting in CKEditor4 WordCount Plugin

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchtypo3-11-php80< 11.5.30UNKNOWN
FreeBSDanynoarchtypo3-11-php81< 11.5.30UNKNOWN
FreeBSDanynoarchtypo3-12-php80< 12.4.4UNKNOWN
FreeBSDanynoarchtypo3-12-php81< 12.4.4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	typo3-11-php80	< 11.5.30	UNKNOWN
FreeBSD	any	noarch	typo3-11-php81	< 11.5.30	UNKNOWN
FreeBSD	any	noarch	typo3-12-php80	< 12.4.4	UNKNOWN
FreeBSD	any	noarch	typo3-12-php81	< 12.4.4	UNKNOWN