CVE-2013-7074
LOW3.0EPSS 0.34%TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component
發布日:2022/5/17修改日:2023/11/8
描述
Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
受影響套件(1)
- Packagist/typo3/cms>= 4.5.0, < 4.5.32
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.0 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N |
參考連結(9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-7074
- PATCHhttps://github.com/TYPO3/typo3
- WEBhttp://osvdb.org/100881
- WEBhttp://seclists.org/oss-sec/2013/q4/473
- WEBhttp://seclists.org/oss-sec/2013/q4/487
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/89620
- WEBhttp://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
- WEBhttp://www.debian.org/security/2014/dsa-2834
- WEBhttp://www.securityfocus.com/bid/64245