GHSA-qmmw-ch2q-j6xx

Source

https://github.com/advisories/GHSA-qmmw-ch2q-j6xx

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qmmw-ch2q-j6xx/GHSA-qmmw-ch2q-j6xx.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-qmmw-ch2q-j6xx

Aliases

CVE-2012-6147

Published

2022-05-17T01:37:41Z

Modified

2024-01-12T18:13:41.746922Z

Summary

Typo3 Backend API XSS Vulnerability

Details

Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

Database specific

{
    "nvd_published_at": "2013-07-01T21:55:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-12T17:58:35Z"
}

References

Affected packages

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0

Fixed

4.5.21

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.6.0

Fixed

4.6.14

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.7.0

Fixed

4.7.6