| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
| TYPO3 Cross-Site Scripting Vulnerability | 24 Apr 201600:00 | – | cnvd | |
| CVE-2016-4056 | 23 Jan 201721:00 | – | cve | |
| CVE-2016-4056 | 23 Jan 201721:00 | – | cvelist | |
| EUVD-2022-3759 | 3 Oct 202520:07 | – | euvd | |
| TYPO3 Backend component Cross-site scripting (XSS) vulnerability | 17 May 202203:03 | – | github | |
| CVE-2016-4056 | 23 Jan 201721:59 | – | nvd | |
| GHSA-FFCM-VHCW-P32R TYPO3 Backend component Cross-site scripting (XSS) vulnerability | 17 May 202203:03 | – | osv | |
| Cross site scripting | 23 Jan 201721:59 | – | prion | |
| CVE-2016-4056 | 23 Jan 201721:59 | – | ubuntucve |
| Source | Link |
|---|---|
| typo3 | www.typo3.org/security/advisory/typo3-core-sa-2016-006 |
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:typo3:typo3";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.807828");
script_version("2025-01-21T05:37:33+0000");
script_cve_id("CVE-2016-4056");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_tag(name:"last_modification", value:"2025-01-21 05:37:33 +0000 (Tue, 21 Jan 2025)");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2017-01-24 21:13:00 +0000 (Tue, 24 Jan 2017)");
script_tag(name:"creation_date", value:"2016-05-20 18:03:53 +0530 (Fri, 20 May 2016)");
script_name("TYPO3 Bookmark Toolbar XSS Vulnerability (TYPO3-CORE-SA-2016-006)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_typo3_http_detect.nasl");
script_mandatory_keys("typo3/detected");
script_xref(name:"URL", value:"https://typo3.org/security/advisory/typo3-core-sa-2016-006");
script_tag(name:"summary", value:"TYPO3 is prone to a cross-site scripting (XSS) vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The flaw exists due to an error in the bookmark toolbar which
fails to properly encode incoming data.");
script_tag(name:"impact", value:"Successful exploitation will allow remote attackers to execute
arbitrary script code in a user's browser session within the trust relationship between their
browser and the server.");
script_tag(name:"affected", value:"TYPO3 versions 6.2.0 through 6.2.18.");
script_tag(name:"solution", value:"Update to version 6.2.19 or later.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"remote_banner_unreliable");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE, version_regex: "[0-9]+\.[0-9]+\.[0-9]+")) # nb: Version might not be exact enough
exit(0);
version = infos["version"];
path = infos["location"];
if (version =~ "^6\.2" && version_in_range(version: version, test_version: "6.2.0", test_version2: "6.2.18")) {
report = report_fixed_ver(installed_version: version, fixed_version: "6.2.19", install_path: path);
security_message(port: port, data: report);
exit(0);
}
exit(99);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation