GHSA-r8m7-792j-5jvq
Suggest an improvement- Source
- https://github.com/advisories/GHSA-r8m7-792j-5jvq
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r8m7-792j-5jvq/GHSA-r8m7-792j-5jvq.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-r8m7-792j-5jvq
- Aliases
-
- CVE-2013-7074
- Published
- 2022-05-17T01:29:44Z
- Modified
- 2023-11-08T03:57:27.523567Z
- Severity
-
- 3.0 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N CVSS Calculator
- Summary
- TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component
- Details
-
Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
- Database specific
{ "nvd_published_at": "2013-12-21T00:55:00Z", "cwe_ids": [ "CWE-79" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2023-08-28T23:36:28Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2013-7074
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89620
- https://github.com/TYPO3/typo3
- http://osvdb.org/100881
- http://seclists.org/oss-sec/2013/q4/473
- http://seclists.org/oss-sec/2013/q4/487
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
- http://www.debian.org/security/2014/dsa-2834
- http://www.securityfocus.com/bid/64245
Affected packages
Packagist / typo3/cms
Package
- Name
- typo3/cms
- Purl
- pkg:composer/typo3/cms
Packagist / typo3/cms
Package
- Name
- typo3/cms
- Purl
- pkg:composer/typo3/cms
Packagist / typo3/cms
Package
- Name
- typo3/cms
- Purl
- pkg:composer/typo3/cms
Packagist / typo3/cms
Package
- Name
- typo3/cms
- Purl
- pkg:composer/typo3/cms