CVE-2012-6146

EPSS 0.18%

Typo3 Backend History Module Vulnerable to XSS

發布日:2022/5/17修改日:2024/1/12

描述

The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.

受影響套件(1)

Packagist/typo3/cms>= 4.5, < 4.5.21

參考連結(2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-6146
WEBhttp://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005