CVE-2012-3529 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.5 <4.5.19 || >=4.6 <4.6.12 || >=4.7 <4.7.4

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00374 pctl0.58298

Details

Typo3 Backend Configuration XSS Vulnerability The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.

Metadata

Created: 2022-05-17T01:43:54Z
Modified: 2024-01-12T18:12:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7gg8-3r6j-5g55/GHSA-7gg8-3r6j-5g55.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-7gg8-3r6j-5g55
Finding: F308
Auto approve: 1