Lucene search
Ubuntu.comUB:CVE-2015-5956HistorySep 16, 2015 - 12:00 a.m.
CVE-2015-5956
2015-09-1600:00:00
ubuntu.com
ubuntu.com
4
0.065 Low
EPSS
Percentile
93.7%
The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0,
4.5.40, and earlier allows remote authenticated users to bypass the XSS
filter and conduct cross-site scripting (XSS) attacks via a base64 encoded
data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php
and the (2) redirect_url parameter to index.php.
Related
checkpoint_advisories
checkpoint_advisories
Typo3 CMS SanitizeLocalUrl Cross-Site Scripting (CVE-2015-5956)
2015-10-08 00:00:00
friendsofphp
friendsofphp
Backend: Non-Persistent Cross-Site Scripting
2015-09-08 10:59:00
prion
prion
Cross site scripting
2015-09-16 14:59:00
osv
osv
TYPO3 cross-site scripting (XSS)
2022-05-14 02:48:01
typo3
typo3
Non-Persistent Cross-Site Scripting
2015-09-08 00:00:00
securityvulns
securityvulns
packetstorm
packetstorm
Typo3 CMS 6.2.14 / 4.5.40 Cross Site Scripting
2015-09-14 00:00:00
cvelist
cvelist
CVE-2015-5956
2015-09-16 14:00:00
openvas
openvas
cve
cve
CVE-2015-5956
2015-09-16 14:59:00
github
github
TYPO3 cross-site scripting (XSS)
2022-05-14 02:48:01