GHSA-3w22-wrwx-2r75
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3w22-wrwx-2r75
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3w22-wrwx-2r75/GHSA-3w22-wrwx-2r75.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-3w22-wrwx-2r75
- Aliases
- Published
- 2022-05-14T03:25:24Z
- Modified
- 2023-11-01T04:49:33.843950Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Typo3 XSS Vulnerability
- Details
-
The page module in TYPO3 before 8.7.11 has XSS via
$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process. - Database specific
{ "severity": "MODERATE", "cwe_ids": [ "CWE-79" ], "github_reviewed_at": "2023-07-25T19:48:22Z", "github_reviewed": true, "nvd_published_at": "2018-04-08T17:29:00Z" }- References
Affected packages
Packagist / typo3/cms
Package
- Name
- typo3/cms
- Purl
- pkg:composer/typo3/cms
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.2.0
Affected versions
6.*
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9
6.2.10-rc1
6.2.10
6.2.11
6.2.12
6.2.13
6.2.14
6.2.15
6.2.16
6.2.17
6.2.18
6.2.19
6.2.20
6.2.21
6.2.22
6.2.23
6.2.24
6.2.25
6.2.26
6.2.27
6.2.28
6.2.29
6.2.30
6.2.31
7.*
7.0.0
7.0.1
7.0.2
7.1.0
7.2.0
7.3.0
7.3.1
7.4.0
7.5.0
7.6.0
7.6.1
7.6.2
7.6.3
7.6.4
7.6.5
7.6.6
7.6.7
7.6.8
7.6.9
7.6.10
7.6.11
7.6.12
7.6.13
7.6.14
7.6.15
7.6.16
7.6.17
7.6.18
7.6.19
v7.*
v7.6.20
v7.6.21
v7.6.22
v7.6.23
v7.6.24
v7.6.25
v7.6.26
v7.6.27
v7.6.28
v7.6.29
v7.6.30
v7.6.31
v7.6.32
8.*
8.0.0
8.0.1
8.1.0
8.1.1
8.1.2
8.2.0
8.2.1
8.3.0
8.3.1
8.4.0
8.4.1
8.5.0
8.5.1
8.6.0
8.6.1
8.7.0
8.7.1
8.7.2
v8.*
v8.7.3
v8.7.4
v8.7.5
v8.7.6
v8.7.7
v8.7.8
v8.7.9
v8.7.10
v8.7.11
v8.7.12
v8.7.13
v8.7.14
v8.7.15
v8.7.16
v8.7.17
v8.7.18
v8.7.19
v8.7.20
v8.7.21
v8.7.22
v8.7.23
v8.7.24
v8.7.25
v8.7.26
v8.7.27
v8.7.28
v8.7.29
v8.7.30
v8.7.31
v8.7.32
v9.*
v9.0.0
v9.1.0