GitHub Advisory DatabaseGHSA-3MQF-FWC6-VWQWTYPO3 Cross-site scripting (XSS) vulnerability in the FORM content object
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
45.0%
Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| typo3/cms-frontend | lt | 4.3.9 | |
| typo3/cms-frontend | lt | 4.4.5 | |
| typo3/cms-frontend | lt | 4.2.16 |
References
www.openwall.com/lists/oss-security/2011/01/13/2
www.openwall.com/lists/oss-security/2012/05/10/7
www.openwall.com/lists/oss-security/2012/05/11/3
www.openwall.com/lists/oss-security/2012/05/12/5
exchange.xforce.ibmcloud.com/vulnerabilities/64179
github.com/advisories/GHSA-3mqf-fwc6-vwqw
github.com/TYPO3/typo3/commit/3c5d15233ca765fabeac21f0600d831595d31cd8
github.com/TYPO3/typo3/commit/4e8bd7a15681c0683196984e871f60f0646ea2b6
github.com/TYPO3/typo3/commit/6d17fe7cef30b09a65e0c2d54f8871ec3ddfc67e
nvd.nist.gov/vuln/detail/CVE-2010-5098
web.archive.org/web/20101229020821/secunia.com/advisories/35770
web.archive.org/web/20111025222220/typo3.org/teams/security/security-bulletins/typo3-sa-2010-022/
web.archive.org/web/20111223211753/www.securityfocus.com/bid/45470
Related
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
45.0%