CVE-2010-5100 – typo3/cms-install

Package

Manager: composer
Name: typo3/cms-install
Vulnerable Version: >=4.2.0 <4.2.16 || >=4.3.0 <4.3.9 || >=4.4.0 <4.4.5

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00354 pctl0.57025

Details

TYPO3 Cross-Site Scripting vulnerability in the Install Tool Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Metadata

Created: 2022-05-17T01:55:58Z
Modified: 2024-02-07T23:35:28Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9hh2-8cw6-hfv7/GHSA-9hh2-8cw6-hfv7.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-9hh2-8cw6-hfv7
Finding: F008
Auto approve: 1