Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2018-0219
Good to know:
Date: December 11, 2018
TYPO3 versions 7.0.0-7.6.31, 8.0.0-8.7.20 and 9.0.0-9.5.1 has a Cross-Site Scripting vulnerability in Frontend User Login
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79Top Fix
Upgrade Version
Upgrade to version typo3/cms - 7.6.22;typo3/cms - 7.6.29;typo3/cms - 8.4.0;typo3/cms - 7.6.11;typo3/cms - 8.7.10;typo3/cms - 7.0.2;typo3/cms - 8.7.14;typo3/cms - dev-TYPO3_8-7;typo3/cms - 7.6.24;typo3/cms - dev-TYPO3_7-6;typo3/cms - 8.7.16;typo3/cms - 7.2.0;typo3/cms - TYPO3_8-7-3;typo3/cms - 8.7.6;typo3/cms - 8.7.5;typo3/cms - 7.6.30;typo3/cms - 8.7.18;typo3/cms - 7.6.19;typo3/cms - 7.6.13;typo3/cms - 7.6.26;typo3/cms - 8.3.0;typo3/cms - 8.6.1;typo3/cms - 8.7.13;typo3/cms - TYPO3_7-6-20;typo3/cms - 7.6.28;typo3/cms - 7.6.31;typo3/cms - 8.7.11;typo3/cms - 8.7.4;typo3/cms - 8.7.15;typo3/cms - 7.6.21;typo3/cms - 7.6.23;typo3/cms - 8.7.17;typo3/cms - 8.7.8;typo3/cms - 8.7.7;typo3/cms - v9.4.0;typo3/cms - 8.7.9;typo3/cms - 8.7.12;typo3/cms - 8.7.19;typo3/cms - 7.6.25;typo3/cms - v9.5.2;typo3/cms - 7.6.27;typo3/cms - 7.6.16;typo3/cms - 8.5.0;typo3/cms - 8.7.2;typo3/cms - 7.6.32;typo3/cms-frontend - v8.7.19;typo3/cms-frontend - v9.4.0;typo3/cms-felogin - v8.7.19;typo3/cms-felogin - v9.4.0;instituteweb/typo3-cms - no_fix;instituteweb/typo3-cms - 6.2.19
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | LOW |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | LOW |
| Availability (A): | NONE |