Lucene search

GitHub Advisory DatabaseGHSA-QFR3-29W6-HWPG

HistoryMay 17, 2022 - 1:46 a.m.

Typo3 Exception Handler XSS

2022-05-1701:46:40

CWE-79

GitHub Advisory Database

github.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionMatch4.7

typo3cms_poll_system_extensionRange<4.6.8

typo3cms_poll_system_extensionRange<4.5.15

typo3cms_poll_system_extensionRange<4.4.15

CPENameOperatorVersion
typo3/cmseq4.7
typo3/cmslt4.6.8
typo3/cmslt4.5.15
typo3/cmslt4.4.15

Name	Operator	Version
typo3/cms	eq	4.7
typo3/cms	lt	4.6.8
typo3/cms	lt	4.5.15
typo3/cms	lt	4.4.15

References

lists.typo3.org/pipermail/typo3-announce/2012/000241.html

lists.typo3.org/pipermail/typo3-announce/2012/000242.html

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/

www.debian.org/security/2012/dsa-2455

www.openwall.com/lists/oss-security/2012/04/17/5

www.openwall.com/lists/oss-security/2012/04/18/1

exchange.xforce.ibmcloud.com/vulnerabilities/74920

github.com/advisories/GHSA-qfr3-29w6-hwpg

nvd.nist.gov/vuln/detail/CVE-2012-2112

web.archive.org/web/20120421201555/www.securityfocus.com/bid/53047

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

Related for GHSA-QFR3-29W6-HWPG