CVE-2012-3531Cross-site Scripting in CMS

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 51.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Typo3 CMSTypo3
Timeline
PublishedSep 5
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

Packagisttypo3/cms4.54.5.19+2
NVDtypo3/typo338 versions+37

🔴Vulnerability Details

3
GHSA
Typo3 Install Tool XSS Vulnerability2022-05-17
OSV
Typo3 Install Tool XSS Vulnerability2022-05-17
CVEList
CVE-2012-3531: Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 42012-09-05
CVE-2012-3531 — Cross-site Scripting in Typo3 CMS | cvebase