CVE-2012-2112

EPSS 0.50%

typo3-src - cross site scripting

Published: 5/17/2022Modified: 3/9/2026

Description

Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.

Affected packages (2)

Debian/typo3-srcfrom 0, < 4.3.9+dfsg1-1+squeeze4
Packagist/typo3/cms>= 4.4, < 4.4.15

References (9)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-2112
WEBhttp://lists.typo3.org/pipermail/typo3-announce/2012/000241.html
WEBhttp://lists.typo3.org/pipermail/typo3-announce/2012/000242.html
WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/74920
WEBhttps://web.archive.org/web/20120421201555/http://www.securityfocus.com/bid/53047
WEBhttp://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002
WEBhttp://www.debian.org/security/2012/dsa-2455
WEBhttp://www.openwall.com/lists/oss-security/2012/04/17/5
WEBhttp://www.openwall.com/lists/oss-security/2012/04/18/1