CVE-2010-5097 – typo3/cms-frontend

Package

Manager: composer
Name: typo3/cms-frontend
Vulnerable Version: >=4.3.0 <4.3.9 || >=4.4.0 <4.4.5

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0065 pctl0.69922

Details

TYPO3 Cross-site scripting (XSS) vulnerability in the click enlarge functionality Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Metadata

Created: 2022-05-17T01:55:59Z
Modified: 2024-02-07T23:48:05Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9hw3-4gvp-8mv5/GHSA-9hw3-4gvp-8mv5.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-9hw3-4gvp-8mv5
Finding: F008
Auto approve: 1