CVE-2012-6148 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.5.0 <4.5.21 || >=4.6.0 <4.6.14 || >=4.7.0 <4.7.6

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:H/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

EPSS: 0.00224 pctl0.4504

Details

Typo3 Function Menu API XSS Vulnerability Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

Metadata

Created: 2022-05-17T01:37:41Z
Modified: 2024-01-12T17:59:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rgf6-9q7g-55qg/GHSA-rgf6-9q7g-55qg.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-rgf6-9q7g-55qg
Finding: F425
Auto approve: 1