Lucene search

GitHub Advisory DatabaseGHSA-5CMC-R23M-HVRR

HistoryMay 17, 2022 - 1:29 a.m.

TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module

2022-05-1701:29:43

CWE-79

GitHub Advisory Database

github.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.6%

JSON

Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<6.1.7

typo3cms_poll_system_extensionRange<6.0.12

CPENameOperatorVersion
typo3/cms-corelt6.1.7
typo3/cms-corelt6.0.12

CPE	Name	Operator	Version
	typo3/cms-core	lt	6.1.7
	typo3/cms-core	lt	6.0.12

References

osvdb.org/100884

seclists.org/oss-sec/2013/q4/473

seclists.org/oss-sec/2013/q4/487

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004

exchange.xforce.ibmcloud.com/vulnerabilities/89626

github.com/advisories/GHSA-5cmc-r23m-hvrr

nvd.nist.gov/vuln/detail/CVE-2013-7077

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.6%

JSON

Related for GHSA-5CMC-R23M-HVRR