CVE-2010-5098 – typo3/cms-frontend

Package

Manager: composer
Name: typo3/cms-frontend
Vulnerable Version: >=4.2.0 <4.2.16 || >=4.4.0 <4.4.5 || >=4.3.0 <4.3.9

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00393 pctl0.59463

Details

TYPO3 Cross-site scripting (XSS) vulnerability in the FORM content object Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Metadata

Created: 2022-05-17T01:55:58Z
Modified: 2024-02-07T23:43:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3mqf-fwc6-vwqw/GHSA-3mqf-fwc6-vwqw.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-3mqf-fwc6-vwqw
Finding: F008
Auto approve: 1