CVE-2012-6147 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.5.0 <4.5.21 || >=4.6.0 <4.6.14 || >=4.7.0 <4.7.6

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:H/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00196 pctl0.41781

Details

Typo3 Backend API XSS Vulnerability Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

Metadata

Created: 2022-05-17T01:37:41Z
Modified: 2024-01-12T17:58:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qmmw-ch2q-j6xx/GHSA-qmmw-ch2q-j6xx.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-qmmw-ch2q-j6xx
Finding: F425
Auto approve: 1