Lucene search

GitHub Advisory DatabaseGHSA-W3V6-R62R-FVQH

HistoryMay 17, 2022 - 5:23 a.m.

Typo3 API XSS Vulnerabilities

2022-05-1705:23:54

CWE-20

GitHub Advisory Database

github.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

57.9%

JSON

The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.

CPENameOperatorVersion
typo3/cmsle4.6.6
typo3/cmsle4.5.13
typo3/cmsle4.4.13

Name	Operator	Version
typo3/cms	le	4.6.6
typo3/cms	le	4.5.13
typo3/cms	le	4.4.13

References

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/

www.debian.org/security/2012/dsa-2445

www.openwall.com/lists/oss-security/2012/03/30/4

github.com/advisories/GHSA-w3v6-r62r-fvqh

nvd.nist.gov/vuln/detail/CVE-2012-1608

web.archive.org/web/20120527123559/www.securityfocus.com/bid/52771

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

57.9%

JSON

Related for GHSA-W3V6-R62R-FVQH