GHSA-3mqf-fwc6-vwqw

Source

https://github.com/advisories/GHSA-3mqf-fwc6-vwqw

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3mqf-fwc6-vwqw/GHSA-3mqf-fwc6-vwqw.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3mqf-fwc6-vwqw

Aliases

CVE-2010-5098

Published

2022-05-17T01:55:58Z

Modified

2024-02-08T00:11:46.875927Z

Summary

TYPO3 Cross-site scripting (XSS) vulnerability in the FORM content object

Details

Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Database specific

{
    "nvd_published_at": "2012-05-21T20:55:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-07T23:40:36Z"
}

References

Affected packages

Packagist / typo3/cms-frontend

Package

Name: typo3/cms-frontend
Purl: pkg:composer/typo3/cms-frontend

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.2.0

Fixed

4.2.16

Packagist / typo3/cms-frontend

Package

Name: typo3/cms-frontend
Purl: pkg:composer/typo3/cms-frontend

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.5

Packagist / typo3/cms-frontend

Package

Name: typo3/cms-frontend
Purl: pkg:composer/typo3/cms-frontend

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.9