CVE-2013-7074

Typo3 < 4.5.32 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.

References (7)

[Third Party Advisory, VDB Entry] http://osvdb.org/100881

[Mailing List] http://seclists.org/oss-sec/2013/q4/473

[Mailing List] http://seclists.org/oss-sec/2013/q4/487

[Vendor Advisory] http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/89620

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/64245

[Third Party Advisory] http://www.debian.org/security/2014/dsa-2834

Scores

EPSS 0.0034

EPSS Percentile 56.0%

Details

CWE

CWE-79

Status published

Products (50)

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

... and 40 more

Published Dec 21, 2013

Tracked Since Feb 18, 2026