5.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
38.2%
Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005
exchange.xforce.ibmcloud.com/vulnerabilities/79968
nvd.nist.gov/vuln/detail/CVE-2012-6148