GHSA-9hw3-4gvp-8mv5

Suggest an improvement
Source
https://github.com/advisories/GHSA-9hw3-4gvp-8mv5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9hw3-4gvp-8mv5/GHSA-9hw3-4gvp-8mv5.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-9hw3-4gvp-8mv5
Aliases
  • CVE-2010-5097
Published
2022-05-17T01:55:59Z
Modified
2024-02-07T23:56:43.697298Z
Summary
TYPO3 Cross-site scripting (XSS) vulnerability in the click enlarge functionality
Details

Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Database specific
{
    "nvd_published_at": "2012-05-21T20:55:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-07T23:48:05Z"
}
References

Affected packages

Packagist / typo3/cms-frontend

Package

Name
typo3/cms-frontend
Purl
pkg:composer/typo3/cms-frontend

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
4.3.9

Packagist / typo3/cms-frontend

Package

Name
typo3/cms-frontend
Purl
pkg:composer/typo3/cms-frontend

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.4.5