CVE-2014-3943 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.5.0 <4.5.34 || >=4.7.0 <4.7.19 || >=6.0.0 <6.0.14 || >=6.1.0 <6.1.9 || >=6.2.0 <6.2.3

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:H/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00208 pctl0.43223

Details

Typo3 XSS Vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters.

Metadata

Created: 2022-05-14T04:01:57Z
Modified: 2025-04-14T21:44:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qqh2-h6gw-6x8x/GHSA-qqh2-h6gw-6x8x.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-qqh2-h6gw-6x8x
Finding: F425
Auto approve: 1