CVE-2015-8756Cross-site Scripting in CMS

CWE-79Cross-site Scripting4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 59.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Typo3 CMSTypo3
Timeline
PublishedJan 8
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

Packagisttypo3/cms6.2.06.2.16
NVDtypo3/typo317 versions+16

🔴Vulnerability Details

3
GHSA
TYPO3 CMS indexed search Cross-site Scripting vulnerability2022-05-17
OSV
TYPO3 CMS indexed search Cross-site Scripting vulnerability2022-05-17
CVEList
CVE-2015-8756: Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 62016-01-08
CVE-2015-8756 — Cross-site Scripting in Typo3 CMS | cvebase