GHSA-7w6c-5pr4-7qvp

Source

https://github.com/advisories/GHSA-7w6c-5pr4-7qvp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7w6c-5pr4-7qvp/GHSA-7w6c-5pr4-7qvp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7w6c-5pr4-7qvp

Aliases

CVE-2012-3528

Published

2022-05-17T01:43:57Z

Modified

2024-01-12T18:26:37.071319Z

Summary

Typo3 Backend XSS Vulnerability

Details

Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

Database specific

{
    "nvd_published_at": "2012-09-05T23:55:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-12T18:12:07Z"
}

References

Affected packages

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5

Fixed

4.5.19

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.6

Fixed

4.6.12

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.7

Fixed

4.7.4