Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-989H-WV8X-933P
HistoryMay 14, 2022 - 2:48 a.m.

TYPO3 cross-site scripting (XSS)

2022-05-1402:48:01
CWE-79
GitHub Advisory Database
github.com
2

5 Medium

AI Score

Confidence

High

0.065 Low

EPSS

Percentile

93.7%

JSON

The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php.

Related

checkpoint_advisories 1
friendsofphp 1
prion 1
osv 1
typo3 1
packetstorm 1
cve 1
openvas 1
securityvulns 2
ubuntucve 1
checkpoint_advisories
checkpoint_advisories
Typo3 CMS SanitizeLocalUrl Cross-Site Scripting (CVE-2015-5956)
2015-10-08 00:00:00
friendsofphp
friendsofphp
Backend: Non-Persistent Cross-Site Scripting
2015-09-08 10:59:00
prion
prion
Cross site scripting
2015-09-16 14:59:00
osv
osv
TYPO3 cross-site scripting (XSS)
2022-05-14 02:48:01
typo3
typo3
Non-Persistent Cross-Site Scripting
2015-09-08 00:00:00
packetstorm
packetstorm
Typo3 CMS 6.2.14 / 4.5.40 Cross Site Scripting
2015-09-14 00:00:00
cve
cve
CVE-2015-5956
2015-09-16 14:59:00
openvas
openvas
TYPO3 'sanitizeLocalUrl' function Cross-Site Scripting Vulnerability (SA-2015-009)
2015-10-08 00:00:00
securityvulns
securityvulns
[CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting
2015-10-26 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2015-10-26 00:00:00
ubuntucve
ubuntucve
CVE-2015-5956
2015-09-16 00:00:00

5 Medium

AI Score

Confidence

High

0.065 Low

EPSS

Percentile

93.7%

JSON
Related for GHSA-989H-WV8X-933P
checkpoint_advisories1friendsofphp1prion1osv1typo31packetstorm1cve1openvas1securityvulns2ubuntucve1