Lucene search

Veracode Vulnerability DatabaseVERACODE:46922

HistoryMay 15, 2024 - 7:13 a.m.

HTML Injection

2024-05-1507:13:33

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

html injection

typo3

cms

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

typo3/cms-core is vulnerable to HTML Injection. The vulnerability is caused due to a lack of proper HTML encoding or sanitization in the historyRow.title variable. This allows an attacker to inject malicious HTML markup via the history backend module.

CPENameOperatorVersion
typo3/cms-corelev13.1.0
typo3/cms-corelev13.1.0

CPE	Name	Operator	Version
	typo3/cms-core	le	v13.1.0
	typo3/cms-core	le	v13.1.0

References

github.com/advisories/GHSA-xjwx-78x7-q6jc

github.com/TYPO3/typo3/commit/56afa304ba8b5ad302e15df5def71bcc8d820375

github.com/TYPO3/typo3/security/advisories/GHSA-xjwx-78x7-q6jc

typo3.org/security/advisory/typo3-core-sa-2024-007

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for VERACODE:46922