CVE-2012-6145 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.5.0 <4.5.21 || >=4.6.0 <4.6.14 || >=4.7.0 <4.7.6

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:H/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

EPSS: 0.00196 pctl0.41781

Details

Typo3 Backend History Module Vulnerable to XSS Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

Metadata

Created: 2022-05-17T01:37:41Z
Modified: 2024-01-12T17:59:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w563-rq37-cvq5/GHSA-w563-rq37-cvq5.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-w563-rq37-cvq5
Finding: F425
Auto approve: 1