Описание
A vulnerability, which was classified as problematic, was found in innologi appointments Extension up to 2.0.5 on TYPO3. This affects an unknown part of the component Appointment Handler. The manipulation of the argument formfield leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.6 is able to address this issue. The identifier of the patch is 986d3cb34e5e086c6f04e061f600ffc5837abe7f. It is recommended to upgrade the affected component. The identifier VDB-217353 was assigned to this vulnerability.
Ссылки
- Patch
- Release NotesThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Patch
- Release NotesThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.6 (исключая)
cpe:2.3:a:innologi:appointment_scheduler:*:*:*:*:*:typo3:*:*
EPSS
Процентиль: 48%
0.00251
Низкий
3.5 Low
CVSS3
6.1 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
около 3 лет назад
typo3-appointments vulnerable to Cross-site Scripting
EPSS
Процентиль: 48%
0.00251
Низкий
3.5 Low
CVSS3
6.1 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-79
CWE-79