CVE-2012-3528 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.5 <4.5.19 || >=4.6 <4.6.12 || >=4.7 <4.7.4

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:H/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

EPSS: 0.00522 pctl0.65973

Details

Typo3 Backend XSS Vulnerability Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

Metadata

Created: 2022-05-17T01:43:57Z
Modified: 2024-01-12T18:12:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7w6c-5pr4-7qvp/GHSA-7w6c-5pr4-7qvp.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-7w6c-5pr4-7qvp
Finding: F425
Auto approve: 1