3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
TYPO3 CMS is vulnerable to cross-site scripting (XSS) attacks. The library does not properly encode user input, allowing a malicious user to inject and execute arbitrary webscript when storing JSON data.
lists.opensuse.org/opensuse-updates/2014-06/msg00037.html
typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
www.debian.org/security/2014/dsa-2942
www.openwall.com/lists/oss-security/2014/06/03/2
www.securityfocus.com/bid/67625
typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/