CVE-2013-7082
TYPO3 Flow 1.1.x < 1.1.1 and 2.0.x < 2.0.1 - Cross-Site Scripting via Error Action Method
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in TYPO3 Flow (formerly FLOW3) 1.1.x before 1.1.1 and 2.0.x before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message.
References (4)
Core 4
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55996
Vendor Advisory x_refsource_confirm
http://typo3.org/teams/security/security-bulletins/typo3-flow/typo3-flow-sa-2013-001
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/100825
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89614
Scores
EPSS
0.0031
EPSS Percentile
54.2%
Details
CWE
CWE-79
Status
published
Products (4)
neos/flow
1.1.0 - 1.1.1Packagist
typo3/flow
1.1.0
typo3/flow
2.0.0
typo3/flow
1.1.0 - 1.1.1Packagist
Published
Dec 21, 2013
Tracked Since
Feb 18, 2026