CVE-2013-7074
TYPO3 4.5.x-4.5.31, 4.7.x-4.7.16, 6.0.x-6.0.11, 6.1.x-6.1.6 - Authenticated XSS in Content Editing Wizards
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
References (7)
Core 7
Core References
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2013/q4/487
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/64245
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2013/q4/473
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89620
Vendor Advisory x_refsource_confirm
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2834
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/100881
Scores
EPSS
0.0034
EPSS Percentile
56.4%
Details
CWE
CWE-79
Status
published
Products (48)
typo3/cms
4.5.0 - 4.5.32Packagist
typo3/typo3
6.1
typo3/typo3
6.1.1
typo3/typo3
6.1.2
typo3/typo3
6.1.3
typo3/typo3
6.1.4
typo3/typo3
6.1.5
typo3/typo3
6.1.6
typo3/typo3
4.7.0
typo3/typo3
4.7.1
... and 38 more
Published
Dec 21, 2013
Tracked Since
Feb 18, 2026