CVE-2012-1606 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.4.0 <4.4.14 || >=4.5.0 <4.5.14 || >=4.6.0 <4.6.7

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:H/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00287 pctl0.5176

Details

Typo3 Backend XSS Vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

Metadata

Created: 2022-05-17T05:23:54Z
Modified: 2023-08-29T23:29:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7wwr-p84q-qr3q/GHSA-7wwr-p84q-qr3q.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-7wwr-p84q-qr3q
Finding: F425
Auto approve: 1