TYPO3 Cross-Site Scripting Vulnerability Exploitable by Editors

2024-05-3021:06:13

CWE-79

GitHub Advisory Database

github.com

typo3

cross-site scripting

vulnerability

frontend

backend

filelist module

exploitable

editors

html

attributes

user account

6.1 Medium

AI Score

Confidence

High

JSON

It has been discovered that link tags generated by typolink functionality in the website’s frontend are vulnerable to cross-site scripting - values being assigned to HTML attributes have not been parsed correctly. A valid backend user account is needed to exploit this vulnerability.

As second and separate vulnerability in the filelist module of the backend user interface has been referenced with this advisory as well. Error messages being shown after using a malicious name for renaming a file are not propery encoded, thus vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<7.3.1

typo3cms_poll_system_extensionRange<6.2.14

CPENameOperatorVersion
typo3/cmslt7.3.1
typo3/cmslt6.2.14

CPE	Name	Operator	Version
	typo3/cms	lt	7.3.1
	typo3/cms	lt	6.2.14

References

github.com/advisories/GHSA-wp8j-c736-c5r3

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-3.yaml

github.com/TYPO3/typo3/commit/7695d91fca1a96a3a3e7466097ae92c32b1130d8

github.com/TYPO3/typo3/commit/d7feb40c8d277c6b6ab3a548313be1e1a2084299

typo3.org/security/advisory/typo3-core-sa-2015-004

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004

6.1 Medium

AI Score

Confidence

High

JSON