logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2015-8760 typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=6.2.0 <6.2.16

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00274 pctl0.50512

Details

TYPO3 allows remote attackers to embed Flash videos from external domain The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."

Metadata

Created: 2022-05-17T03:59:51Z
Modified: 2025-04-14T20:00:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3f58-74qw-ph75/GHSA-3f58-74qw-ph75.json
CWE IDs: ["CWE-20", "CWE-601"]
Alternative ID: GHSA-3f58-74qw-ph75
Finding: F156
Auto approve: 1