TYPO3 is susceptible to Cross-Site Flashing

2024-06-0314:39:16

GitHub Advisory Database

github.com

typo3

cross-site flashing

validation

flashplayer

external domains

vulnerability

AI Score

7.1

Confidence

Low

The flashplayer misses to validate flash and image files. Therefore it is possible to embed flash videos from external domains.

Affected configurations

Vulners

Node

typo3typo3_cmsRange6.2.0–6.2.16

VendorProductVersionCPE
typo3typo3_cms*cpe:2.3:a:typo3:typo3_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typo3	typo3_cms	*	cpe:2.3:a:typo3:typo3_cms::::::::

github.com/advisories/GHSA-qrxh-46mr-pr7q

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-12-15-4.yaml

typo3.org/security/advisory/typo3-core-sa-2015-014

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014

AI Score

7.1

Confidence

Low