Lucene search

Veracode Vulnerability DatabaseVERACODE:46935

HistoryMay 15, 2024 - 9:53 a.m.

Cross-Site Scripting (XSS)

2024-05-1509:53:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

typo3

cms

input sanitization

user-generated content

exploitation

malicious scripts

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused due to a lack of proper input sanitization and encoding of user-generated content in the form module. Exploiting this flaw enables attackers to inject and execute malicious scripts.

CPENameOperatorVersion
typo3/cms-corelev11.5.36
typo3/cms-corelev13.1.0
typo3/cms-corelev12.4.14
typo3/cms-corelev11.5.36
typo3/cms-corelev13.1.0
typo3/cms-corelev12.4.14

Name	Operator	Version
typo3/cms-core	le	v11.5.36
typo3/cms-core	le	v13.1.0
typo3/cms-core	le	v12.4.14
typo3/cms-core	le	v11.5.36
typo3/cms-core	le	v13.1.0
typo3/cms-core	le	v12.4.14

References

github.com/advisories/GHSA-v6mw-h7w6-59w3

github.com/TYPO3/typo3/commit/2832e2f51f929aeddb5de7d667538a33ceda8156

github.com/TYPO3/typo3/commit/d0393a879a32fb4e3569acad6bdb5cda776be1e5

github.com/TYPO3/typo3/commit/e95a1224719efafb9cab2d85964f240fd0356e64

github.com/TYPO3/typo3/security/advisories/GHSA-v6mw-h7w6-59w3

typo3.org/security/advisory/typo3-core-sa-2024-008