Cross-Site Scripting (XSS) vulnerabilities in Neos

2024-06-0517:24:16

GitHub Advisory Database

github.com

neos

xss

vulnerabilities

page rendering

user credentials

backdoor upload

server

AI Score

6.4

Confidence

High

JSON

It has been discovered that Neos is vulnerable to several XSS attacks. Through these vulnerabilities, an attacker could tamper with page rendering, redirect victims to a fake login page, or capture user credentials (such as cookies). With the potential backdoor upload an attacker could gain access to the server itself, to an extent mainly limited by the server setup.

Affected configurations

Vulners

Node

typo3neosRange2.0.0–2.0.4

typo3neosRange1.2.0–1.2.13

VendorProductVersionCPE
typo3neos*cpe:2.3:a:typo3:neos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typo3	neos	*	cpe:2.3:a:typo3:neos::::::::

References

github.com/advisories/GHSA-4542-p56h-8xww

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/neos/2015-11-23.yaml

www.neos.io/blog/neos-sa-2015-002.html

AI Score

6.4

Confidence

High

JSON