CVE-2012-2112
TYPO3 4.4.0-4.4.14, 4.5.0-4.5.14, 4.6.0-4.6.7, 4.7 - Cross-Site Scripting via Exception Handler
Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.
References (8)
Core References
Various Sources mailing-list
x_refsource_mlist
http://lists.typo3.org/pipermail/typo3-announce/2012/000241.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74920
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53047
Various Sources mailing-list
x_refsource_mlist
http://lists.typo3.org/pipermail/typo3-announce/2012/000242.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/04/17/5
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/04/18/1
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2455
Vendor Advisory x_refsource_confirm
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/
Scores
EPSS
0.0050
EPSS Percentile
66.3%
Details
CWE
CWE-79
Status
published
Products (40)
typo3/cms
4.4 - 4.4.15 (Packagist)
typo3/typo3
4.4.0
typo3/typo3
4.4.1
typo3/typo3
4.4.2
typo3/typo3
4.4.3
typo3/typo3
4.4.4
typo3/typo3
4.4.5
typo3/typo3
4.4.6
typo3/typo3
4.4.7
typo3/typo3
4.4.8
... and 30 more
Published
Aug 27, 2012
Tracked Since
Feb 18, 2026