GHSA-7wwr-p84q-qr3q

Suggest an improvement
Source
https://github.com/advisories/GHSA-7wwr-p84q-qr3q
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7wwr-p84q-qr3q/GHSA-7wwr-p84q-qr3q.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-7wwr-p84q-qr3q
Aliases
  • CVE-2012-1606
Published
2022-05-17T05:23:54Z
Modified
2023-11-08T03:57:04.151175Z
Summary
Typo3 Backend XSS Vulnerabilities
Details

Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

References

Affected packages

Packagist / typo3/cms

Package

Name
typo3/cms
Purl
pkg:composer/typo3/cms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.4.14

Database specific

{
    "last_known_affected_version_range": "<= 4.4.13"
}

Packagist / typo3/cms

Package

Name
typo3/cms
Purl
pkg:composer/typo3/cms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.5.0
Fixed
4.5.14

Database specific

{
    "last_known_affected_version_range": "<= 4.5.13"
}

Packagist / typo3/cms

Package

Name
typo3/cms
Purl
pkg:composer/typo3/cms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.6.0
Fixed
4.6.7

Database specific

{
    "last_known_affected_version_range": "<= 4.6.6"
}