Lucene search

Veracode Vulnerability DatabaseVERACODE:4806

HistoryJul 30, 2017 - 8:19 a.m.

Cross-site Scripting (XSS)

2017-07-3008:19:40

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

JSON

TYPO3 CMS is vulnerable to cross-site scripting (XSS) attacks. The library does not properly encode user input, allowing a malicious user to inject and execute arbitrary webscript when storing JSON data.

CPENameOperatorVersion
typo3/cmsle6.2.2

CPE	Name	Operator	Version
	typo3/cms	le	6.2.2

References

lists.opensuse.org/opensuse-updates/2014-06/msg00037.html

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/

www.debian.org/security/2014/dsa-2942

www.openwall.com/lists/oss-security/2014/06/03/2

www.securityfocus.com/bid/67625

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

JSON

Related for VERACODE:4806