CVE-2009-3636 – typo3/cms-install

Package

Manager: composer
Name: typo3/cms-install
Vulnerable Version: >=0 <=4.0.13 || >=4.1.0 <4.1.13 || >=4.2.0 <4.2.10 || >=4.3alpha1 <4.3beta2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00442 pctl0.62391

Details

Typo3 API Install Tool vulnerable to Cross-site Scripting Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Metadata

Created: 2022-05-02T03:47:10Z
Modified: 2024-02-08T21:58:48Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c73w-4rcj-2622/GHSA-c73w-4rcj-2622.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-c73w-4rcj-2622
Finding: F008
Auto approve: 1