CVE-2018-6905

MEDIUM LAB

Typo3 < 8.7.11 - XSS

Title source: rule

Description

The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.

Exploits (2)

nomisec writeup (5 stars) by pradeepjairamani - PoC: https://github.com/pradeepjairamani/TYPO3-XSS-POC
nomisec writeup by dnr6419 - PoC: https://github.com/dnr6419/CVE-2018-6905

Scores

CVSS v3: 4.8
EPSS: 0.0227
EPSS Percentile: 84.7%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Lab Environment

Community Lab
docker pull mysql:5.6.51
docker pull phpmyadmin/phpmyadmin

Details

CWE: CWE-79
Status: published
Products (2):
typo3/cms 0 - 9.2.0 (Packagist)
typo3/typo3 < 8.7.11
Published: Apr 08, 2018
Tracked Since: Feb 18, 2026