CVE-2010-3715 — Cross-site Scripting in Cms-backend

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 46.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Typo3 Cms-backend Typo3

Timeline

PublishedOct 25

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶Packagisttypo3/cms-backend4.2.0 — 4.2.15+2

▶NVDtypo3/typo326 versions+25

🔴Vulnerability Details

OSV

TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend↗2022-05-17

▶

GHSA

TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend↗2022-05-17

▶

CVEList

CVE-2010-3715: Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4↗2010-10-25

▶