CVE-2013-7078 typo3/cms-core

Package

Manager: composer
Name: typo3/cms-core
Vulnerable Version: >=4.5.0 <4.5.31 || >=4.7.0 <4.7.16 || >=6.1.0 <6.1.6 || >=6.0.0 <6.0.11

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00486 (percentile: 0.64424)

Details

TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework

Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.

Metadata

Created: 2022-05-17T01:29:44Z
Modified: 2023-08-28T23:36:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qj69-chjp-g4f5/GHSA-qj69-chjp-g4f5.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-qj69-chjp-g4f5
Finding: F008
Auto approve: 1