CVE-2018-6905
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-6905
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-6905.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-6905
- Aliases
- Published
- 2018-04-08T17:29:00Z
- Modified
- 2024-10-12T04:06:49.041522Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3CONFVARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.
- References
Affected packages
Git / github.com/benjaminkott/bootstrap_package
Affected ranges
- Type
- GIT
- Repo
- https://github.com/benjaminkott/bootstrap_package
- Events
- Type
- GIT
- Repo
- https://github.com/typo3/typo3
- Events
- Type
- GIT
- Repo
- https://github.com/typo3/typo3.cms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
6.*
6.2.0
6.2.1
6.2.2
6.2.3
7.*
7.0.0
7.1.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.6.1
7.6.2
8.*
8.0.0
8.1.0
8.2.0
8.3.0
8.4.0
8.5.0
8.6.0
8.7.0
8.7.1
8.7.10
8.7.2
8.7.4
8.7.5
8.7.6
8.7.7
8.7.8
8.7.9
9.*
9.0.0
Other
TYPO3_6-1-0rc1
TYPO3_6-2-0
TYPO3_6-2-0alpha1
TYPO3_6-2-0alpha2
TYPO3_6-2-0alpha3
TYPO3_6-2-0beta1
TYPO3_6-2-0beta2
TYPO3_6-2-0beta3
TYPO3_6-2-0beta4
TYPO3_6-2-0beta5
TYPO3_6-2-0beta6
TYPO3_6-2-0beta7
TYPO3_6-2-0rc1
TYPO3_6-2-0rc2
TYPO3_6-2-1
TYPO3_6-2-2
TYPO3_6-2-3
TYPO3_7-0-0
TYPO3_7-1-0
TYPO3_7-2-0
TYPO3_7-3-0
TYPO3_7-4-0
TYPO3_7-5-0
TYPO3_7-6-0
TYPO3_7-6-1
TYPO3_7-6-2
TYPO3_8-0-0
TYPO3_8-1-0
TYPO3_8-2-0
TYPO3_8-3-0
TYPO3_8-4-0
TYPO3_8-5-0
TYPO3_8-6-0
TYPO3_8-7-0
TYPO3_8-7-1
TYPO3_8-7-10
TYPO3_8-7-2
TYPO3_8-7-4
TYPO3_8-7-5
TYPO3_8-7-6
TYPO3_8-7-7
TYPO3_8-7-8
TYPO3_8-7-9
v8.*
v8.7.10
v8.7.4
v8.7.5
v8.7.6
v8.7.7
v8.7.8
v8.7.9
v9.*
v9.0.0