CVE-2013-7074 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.5.0 <4.5.32 || >=4.7.0 <4.7.17 || >=6.0.0 <6.0.12 || >=6.1.0 <6.1.7

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N

EPSS: 0.00335 pctl0.55693

Details

TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.

Metadata

Created: 2022-05-17T01:29:44Z
Modified: 2023-08-28T23:36:28Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r8m7-792j-5jvq/GHSA-r8m7-792j-5jvq.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-r8m7-792j-5jvq
Finding: F425
Auto approve: 1