Описание
TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML markup. Exploiting this vulnerability requires a valid backend user account. TYPO3 version 13.1.1 fixes the problem described.
Ссылки
- Patch
- Vendor Advisory
- Vendor Advisory
- Patch
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 13.0.0 (включая) до 13.1.1 (исключая)
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00615
Низкий
3.5 Low
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 3.5
github
больше 1 года назад
TYPO3 vulnerable to an HTML Injection in the History Module
EPSS
Процентиль: 69%
0.00615
Низкий
3.5 Low
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79