cbcvebase.
CVE-2015-5956
published 2015-09-16

CVE-2015-5956: The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and…

PriorityP414low3.5CVSS 2.0
AVNACMAuSCNIPAN
EPSS
2.01%
78.4th percentile
The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php.

Affected

49 ranges· showing 25
VendorProductVersion rangeFixed in
typo3cms4.0 – 4.5.40
typo3cms>= 6.0 < 6.2.156.2.15
typo3cms>= 7.0 < 7.4.07.4.0
typo3typo3<= 4.5.40
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
typo3typo3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.