GHSA-g7hw-jh4p-75wr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g7hw-jh4p-75wr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-g7hw-jh4p-75wr/GHSA-g7hw-jh4p-75wr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-g7hw-jh4p-75wr
- Published
- 2024-06-07T17:10:28Z
- Modified
- 2024-12-04T05:38:40.883875Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- TYPO3 Cross-Site Scripting in Filelist Module
- Details
-
It has been discovered that the output table listing in the “Files” backend module is vulnerable to cross-site scripting when a file extension contains malicious sequences.
Access to the file system of the server - either directly or through synchronization - is required to exploit the vulnerability.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-06-07T17:10:28Z" }- References
-
- https://github.com/TYPO3/typo3/commit/044d7dbe28382919c765b6b815d420f480a1ac70
- https://github.com/TYPO3/typo3/commit/96b122b756cc778697845d48210b0993c0724b5f
- https://github.com/TYPO3/typo3/commit/fcc1bab07027ba9d8140a91006d3cda1244d6298
- https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-12-17-3.yaml
- https://github.com/TYPO3/typo3
- https://typo3.org/security/advisory/typo3-core-sa-2019-023
Affected packages
Packagist / typo3/cms
Package
- Name
- typo3/cms
- Purl
- pkg:composer/typo3/cms
Packagist / typo3/cms
Package
- Name
- typo3/cms
- Purl
- pkg:composer/typo3/cms
Affected versions
8.*
8.0.0
8.0.1
8.1.0
8.1.1
8.1.2
8.2.0
8.2.1
8.3.0
8.3.1
8.4.0
8.4.1
8.5.0
8.5.1
8.6.0
8.6.1
8.7.0
8.7.1
8.7.2
v8.*
v8.7.3
v8.7.4
v8.7.5
v8.7.6
v8.7.7
v8.7.8
v8.7.9
v8.7.10
v8.7.11
v8.7.12
v8.7.13
v8.7.14
v8.7.15
v8.7.16
v8.7.17
v8.7.18
v8.7.19
v8.7.20
v8.7.21
v8.7.22
v8.7.23
v8.7.24
v8.7.25
v8.7.26
v8.7.27
v8.7.28
v8.7.29
Packagist / typo3/cms
Package
- Name
- typo3/cms
- Purl
- pkg:composer/typo3/cms