Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-989H-WV8X-933P
HistoryMay 14, 2022 - 2:48 a.m.

TYPO3 cross-site scripting (XSS)

2022-05-1402:48:01
Google
osv.dev
3

5 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.065 Low

EPSS

Percentile

93.6%

JSON

The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php.

Related

checkpoint_advisories 1
friendsofphp 1
prion 1
typo3 1
packetstorm 1
openvas 1
github 1
cvelist 1
cve 1
securityvulns 2
ubuntucve 1
checkpoint_advisories
checkpoint_advisories
Typo3 CMS SanitizeLocalUrl Cross-Site Scripting (CVE-2015-5956)
2015-10-08 00:00:00
friendsofphp
friendsofphp
Backend: Non-Persistent Cross-Site Scripting
2015-09-08 10:59:00
prion
prion
Cross site scripting
2015-09-16 14:59:00
typo3
typo3
Non-Persistent Cross-Site Scripting
2015-09-08 00:00:00
packetstorm
packetstorm
Typo3 CMS 6.2.14 / 4.5.40 Cross Site Scripting
2015-09-14 00:00:00
openvas
openvas
TYPO3 'sanitizeLocalUrl' function Cross-Site Scripting Vulnerability (SA-2015-009)
2015-10-08 00:00:00
github
github
TYPO3 cross-site scripting (XSS)
2022-05-14 02:48:01
cvelist
cvelist
CVE-2015-5956
2015-09-16 14:00:00
cve
cve
CVE-2015-5956
2015-09-16 14:59:00
securityvulns
securityvulns
[CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting
2015-10-26 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2015-10-26 00:00:00
ubuntucve
ubuntucve
CVE-2015-5956
2015-09-16 00:00:00

5 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.065 Low

EPSS

Percentile

93.6%

JSON
Related for OSV:GHSA-989H-WV8X-933P
checkpoint_advisories1friendsofphp1prion1typo31packetstorm1openvas1github1cvelist1cve1securityvulns2ubuntucve1