GitHub Advisory DatabaseGHSA-9HW3-4GVP-8MV5TYPO3 Cross-site scripting (XSS) vulnerability in the click enlarge functionality
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
6 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.6%
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| typo3/cms-frontend | lt | 4.4.5 | |
| typo3/cms-frontend | lt | 4.3.9 |
References
typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/
www.openwall.com/lists/oss-security/2011/01/13/2
www.openwall.com/lists/oss-security/2012/05/10/7
www.openwall.com/lists/oss-security/2012/05/11/3
www.openwall.com/lists/oss-security/2012/05/12/5
exchange.xforce.ibmcloud.com/vulnerabilities/64178
github.com/advisories/GHSA-9hw3-4gvp-8mv5
nvd.nist.gov/vuln/detail/CVE-2010-5097
web.archive.org/web/20110201071734/secunia.com/advisories/35770
web.archive.org/web/20111223211753/www.securityfocus.com/bid/45470
Related
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
6 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.6%