GHSA-76r3-m635-p3vc

Source

https://github.com/advisories/GHSA-76r3-m635-p3vc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-76r3-m635-p3vc/GHSA-76r3-m635-p3vc.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-76r3-m635-p3vc

Published

2024-05-30T16:14:41Z

Modified

2024-12-05T06:03:53.981367Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

TYPO3 Cross-Site Scripting in Language Pack Handling

Details

Failing to properly encode information from external sources, language pack handling in the install tool is vulnerable to cross-site scripting.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed_at": "2024-05-30T16:14:41Z",
    "severity": "MODERATE",
    "github_reviewed": true
}

References

Affected packages

Packagist / typo3/cms-core

Package

Name: typo3/cms-core
Purl: pkg:composer/typo3/cms-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.2.0

Fixed

9.5.4

Affected versions

v9.*

v9.2.0

v9.2.1

v9.3.0

v9.3.1

v9.3.2

v9.3.3

v9.4.0

v9.5.0

v9.5.1

v9.5.2

v9.5.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-76r3-m635-p3vc/GHSA-76r3-m635-p3vc.json"