CVE-2013-7078 — Cross-site Scripting in Cms-core

CWE-79 — Cross-site Scripting5 documents4 sources

Severity

2.6LOWNVD

EPSS

0.5%

top 34.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Typo3 Cms-core Typo3

Timeline

PublishedJan 19

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

▶Packagisttypo3/cms-core4.5.0 — 4.5.31+3

▶NVDtypo3/typo370 versions+69

🔴Vulnerability Details

GHSA

TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework↗2022-05-17

▶

OSV

TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework↗2022-05-17

▶

CVEList

CVE-2013-7078: Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4↗2014-01-19

▶

OSV

CVE-2013-7078: Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4↗2014-01-19

▶