CVE-2015-8755 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=6.2 <6.2.16 || >=7.0 <7.6.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00222 pctl0.44756

Details

Typo3 XSS Vulnerability Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.

Metadata

Created: 2022-05-17T03:59:51Z
Modified: 2023-08-04T23:08:49Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-56f9-5563-m2h7/GHSA-56f9-5563-m2h7.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-56f9-5563-m2h7
Finding: F425
Auto approve: 1