CVE-2014-3943Cross-site Scripting in CMS

CWE-79Cross-site Scripting4 documents4 sources
Severity
3.5LOWNVD
EPSS
0.2%
top 56.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Typo3 CMSTypo3
Timeline
PublishedJun 3
Latest updateMay 14

Description

Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

Packagisttypo3/cms4.5.04.5.34+4
NVDtypo3/typo380 versions+79

🔴Vulnerability Details

3
OSV
Typo3 XSS Vulnerabilities2022-05-14
GHSA
Typo3 XSS Vulnerabilities2022-05-14
CVEList
CVE-2014-3943: Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 42014-06-03
CVE-2014-3943 — Cross-site Scripting in Typo3 CMS | cvebase