Lucene search
GitHub Advisory DatabaseGHSA-94C2-G68F-9R98HistoryMay 17, 2022 - 1:43 a.m.
Typo3 API XSS Vulnerability
2022-05-1701:43:49
CWE-79
GitHub Advisory Database
github.com
7
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.7%
Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.
Affected configurations
Node
typo3cms_poll_system_extensionRange<4.7.4
ORtypo3cms_poll_system_extensionRange<4.6.12
ORtypo3cms_poll_system_extensionRange<4.5.19
References
Related
ubuntucve
ubuntucve
CVE-2012-3530
2012-09-05 00:00:00
osv
osv
Typo3 API XSS Vulnerability
2022-05-17 01:43:49
typo3-src - several
2012-08-30 00:00:00
nvd
nvd
CVE-2012-3530
2012-09-05 23:55:02
cve
cve
CVE-2012-3530
2012-09-05 23:55:02
seebug
seebug
TYPO3 不完整黑名单跨站脚本漏洞(CVE-2012-3530)
2012-09-09 00:00:00
prion
prion
Cross site scripting
2012-09-05 23:55:00
cvelist
cvelist
CVE-2012-3530
2012-09-05 23:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2537-1] typo3-src security update
2012-09-02 00:00:00
openvas
openvas
TYPO3 Multiple Vulnerabilities (Aug 2012)
2014-01-03 00:00:00
Debian Security Advisory DSA 2537-1 (typo3-src)
2012-09-07 00:00:00
Debian: Security Advisory (DSA-2537-1)
2012-09-07 00:00:00
debian
debian
[SECURITY] [DSA 2537-1] typo3-src security update
2012-08-30 19:58:21
nessus
nessus
Debian DSA-2537-1 : typo3-src - several vulnerabilities
2012-08-31 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.7%
Related for GHSA-94C2-G68F-9R98