CVE-2013-7077

TYPO3 6.0.0-6.0.11 and 6.1.0-6.1.6 - Cross-Site Scripting in Backend User Administration Module

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (5)

Core 5

Core References

Mailing List mailing-list x_refsource_mlist

http://seclists.org/oss-sec/2013/q4/487

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/89626

Mailing List mailing-list x_refsource_mlist

http://seclists.org/oss-sec/2013/q4/473

Vendor Advisory x_refsource_confirm

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/100884

Scores

EPSS 0.0033

EPSS Percentile 56.0%

Details

CWE

CWE-79

Status published

Products (20)

typo3/cms-core 6.0 - 6.0.12Packagist

typo3/typo3 6.0

typo3/typo3 6.0.1

typo3/typo3 6.0.2

typo3/typo3 6.0.3

typo3/typo3 6.0.4

typo3/typo3 6.0.5

typo3/typo3 6.0.6

typo3/typo3 6.0.7

typo3/typo3 6.0.8

... and 10 more

Published Dec 21, 2013

Tracked Since Feb 18, 2026