GHSA-7wwr-p84q-qr3q

Source

https://github.com/advisories/GHSA-7wwr-p84q-qr3q

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7wwr-p84q-qr3q/GHSA-7wwr-p84q-qr3q.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7wwr-p84q-qr3q

Aliases

CVE-2012-1606

Published

2022-05-17T05:23:54Z

Modified

2023-11-08T03:57:04.151175Z

Summary

Typo3 Backend XSS Vulnerabilities

Details

Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

Database specific

{
    "nvd_published_at": "2012-09-04T20:55:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-29T23:29:32Z"
}

References

Affected packages

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.14

Database specific

{
    "last_known_affected_version_range": "<= 4.4.13"
}

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0

Fixed

4.5.14

Database specific

{
    "last_known_affected_version_range": "<= 4.5.13"
}

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.6.0

Fixed

4.6.7

Database specific

{
    "last_known_affected_version_range": "<= 4.6.6"
}