CVE-2013-5100 – jambagecom/div2007

Package

Manager: composer
Name: jambagecom/div2007
Vulnerable Version: >=0 <0.10.2

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

EPSS: 0.00521 pctl0.65906

Details

Static Methods since 2007 (div2007) extension for TYPO3 vulnerable to Cross-site Scripting Cross-site scripting (XSS) vulnerability in the Static Methods since 2007 (div2007) extension before 0.10.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the t3lib_div::quoteJSvalue function.

Metadata

Created: 2022-05-17T01:32:35Z
Modified: 2025-04-12T03:35:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4mm3-xgc2-656r/GHSA-4mm3-xgc2-656r.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-4mm3-xgc2-656r
Finding: F008
Auto approve: 1