CVE-2012-6146 – typo3/cms
Package
Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.5 <4.5.21 || >=4.6 <4.6.14 || >=4.7 <4.7.6
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00176 (percentile 0.3943)
Details
TYPO3 Backend History Module Vulnerable to XSS
The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.
Metadata
Created: 2022-05-17T04:43:27Z
Modified: 2024-01-12T18:14:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2hp4-8h6h-93rr/GHSA-2hp4-8h6h-93rr.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-2hp4-8h6h-93rr
Finding: F008
Auto approve: 1