GitHub Advisory Database: GHSA-QQH2-H6GW-6X8X
History: May 14, 2022 - 4:01 a.m.

Typo3 XSS Vulnerabilities

2022-05-14 04:01:57
CWE-79
GitHub Advisory Database
github.com
15
cross-site scripting
typo3 4.5.0
typo3 4.7.19
typo3 6.2.3
remote authenticated editors

CVSS2: 3.5
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS: 0.001
Percentile: 42.5%

Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters.

Affected configurations

Vulners
Node
typo3 typo3_cms, Range 6.2.0 - 6.2.3
OR
typo3 typo3_cms, Range 6.1.0 - 6.1.8
OR
typo3 typo3_cms, Range 6.0.0 - 6.0.13
OR
typo3 typo3_cms, Range 4.7.0 - 4.7.18
OR
typo3 typo3_cms, Range 4.5.0 - 4.5.33

Vendor: typo3
Product: typo3_cms
Version: *
CPE: cpe:2.3:a:typo3:typo3_cms:*:*:*:*:*:*:*:*
