CVE-2016-4056 — Cross-site Scripting in CMS

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 45.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Typo3 CMS Typo3

Timeline

PublishedJan 23

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶Packagisttypo3/cms6.2.0 — 6.2.19

▶NVDtypo3/typo320 versions+19

Patches

Patch: typo3.org ↗Patch: typo3.org ↗

🔴Vulnerability Details

OSV

TYPO3 Backend component Cross-site scripting (XSS) vulnerability↗2022-05-17

▶

GHSA

TYPO3 Backend component Cross-site scripting (XSS) vulnerability↗2022-05-17

▶

CVEList

CVE-2016-4056: Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6↗2017-01-23

▶