GitHub Advisory DatabaseGHSA-9C6W-55CP-5W25TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
EPSS
Percentile
25.1%
> ### Meta
> * CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (5.0)
Problem
It has been discovered that the FileDumpController (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability.
Solution
Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above.
Credits
Thanks to Vautia who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue.
References
- TYPO3-CORE-SA-2022-009
- Vulnerability Report on huntr.dev (embargoed +30 days)
Affected configurations
References
github.com/advisories/GHSA-9c6w-55cp-5w25
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36107.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36107.yaml
github.com/TYPO3/typo3/commit/546208428c861a09d62b86cde141eb19a81fae66
github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39
github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25
nvd.nist.gov/vuln/detail/CVE-2022-36107
typo3.org/security/advisory/typo3-core-sa-2022-009
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
EPSS
Percentile
25.1%