Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2019-0007
Good to know:
Date: December 11, 2018
TYPO3 versions 7.5.0-7.6.31, 8.0.0-8.7.20 and v9.0.0-v9.5.1 Failing to properly encode user input, online media asset rendering (*.youtube and *.vimeo files) is vulnerable to cross-site scripting.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Code
CWE-17Top Fix
Upgrade Version
Upgrade to version typo3/cms - 8.7.17;typo3/cms - 7.6.24;typo3/cms - TYPO3_8-7-3;typo3/cms - dev-TYPO3_7-6;typo3/cms - 8.7.2;typo3/cms - 8.7.18;typo3/cms - 7.6.25;typo3/cms - dev-TYPO3_8-7;typo3/cms - 7.6.19;typo3/cms - 8.7.7;typo3/cms - 7.6.11;typo3/cms - 8.7.9;typo3/cms - TYPO3_7-6-20;typo3/cms - v9.4.0;typo3/cms - 8.7.12;typo3/cms - 8.4.0;typo3/cms - 8.7.4;typo3/cms - 7.6.30;typo3/cms - 7.6.32;typo3/cms - 8.6.1;typo3/cms - 7.6.26;typo3/cms - 7.6.29;typo3/cms - 7.6.13;typo3/cms - 8.5.0;typo3/cms - 8.7.11;typo3/cms - 7.6.28;typo3/cms - 7.6.27;typo3/cms - 7.6.31;typo3/cms - 8.7.8;typo3/cms - 8.7.10;typo3/cms - 8.7.14;typo3/cms - 7.6.16;typo3/cms - v9.5.2;typo3/cms - 8.3.0;typo3/cms - 8.7.13;typo3/cms - 8.7.19;typo3/cms - 7.6.22;typo3/cms - 8.7.5;typo3/cms - 8.7.15;typo3/cms - 7.6.23;typo3/cms - 7.6.21;typo3/cms - 8.7.6;typo3/cms - 8.7.16;typo3/cms-core - v9.4.0;typo3/cms-core - v8.7.19;instituteweb/typo3-cms - 6.2.19;instituteweb/typo3-cms - no_fix;patrickbroens/content-rendering-core - no_fix
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | LOW |
| User Interaction (UI): | REQUIRED |
| Scope (S): | CHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | LOW |
| Availability (A): | NONE |