GHSA-p9wg-jvj4-cx26

Source

https://github.com/advisories/GHSA-p9wg-jvj4-cx26

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p9wg-jvj4-cx26/GHSA-p9wg-jvj4-cx26.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-p9wg-jvj4-cx26

Aliases

CVE-2012-3531

Published

2022-05-17T01:43:44Z

Modified

2024-01-12T18:41:40.057816Z

Summary

Typo3 Install Tool XSS Vulnerability

Details

Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Database specific

{
    "nvd_published_at": "2012-09-05T23:55:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-12T18:14:16Z"
}

References

Affected packages

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5

Fixed

4.5.19

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.6

Fixed

4.6.12

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.7

Fixed

4.7.4