GHSA-9hh2-8cw6-hfv7

Suggest an improvement
Source
https://github.com/advisories/GHSA-9hh2-8cw6-hfv7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9hh2-8cw6-hfv7/GHSA-9hh2-8cw6-hfv7.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-9hh2-8cw6-hfv7
Aliases
  • CVE-2010-5100
Published
2022-05-17T01:55:58Z
Modified
2024-02-07T23:56:43.857828Z
Summary
TYPO3 Cross-Site Scripting vulnerability in the Install Tool
Details

Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Database specific
{
    "nvd_published_at": "2012-05-21T20:55:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-07T23:35:28Z"
}
References

Affected packages

Packagist / typo3/cms-install

Package

Name
typo3/cms-install
Purl
pkg:composer/typo3/cms-install

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.2.0
Fixed
4.2.16

Packagist / typo3/cms-install

Package

Name
typo3/cms-install
Purl
pkg:composer/typo3/cms-install

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
4.3.9

Packagist / typo3/cms-install

Package

Name
typo3/cms-install
Purl
pkg:composer/typo3/cms-install

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.4.5