CVE-2015-8760
published 2016-01-08CVE-2015-8760: The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka…
PriorityP425medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EPSS
1.43%
69.8th percentile
The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| typo3 | cms | >= 6.2.0 < 6.2.16 | 6.2.16 |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
| typo3 | typo3 | — | — |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
TYPO3 allows remote attackers to embed Flash videos from external domain
ghsa·2022-05-17
CVE-2015-8760 [MEDIUM] CWE-20 TYPO3 allows remote attackers to embed Flash videos from external domain
TYPO3 allows remote attackers to embed Flash videos from external domain
The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."
OSV
TYPO3 allows remote attackers to embed Flash videos from external domain
osv·2022-05-17
CVE-2015-8760 [MEDIUM] TYPO3 allows remote attackers to embed Flash videos from external domain
TYPO3 allows remote attackers to embed Flash videos from external domain
The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/http://www.securityfocus.com/bid/79210http://www.securitytracker.com/id/1034485http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/http://www.securityfocus.com/bid/79210http://www.securitytracker.com/id/1034485
2016-01-08
Published