PT-2015-7096 · Typo3 · Typo3
Julien Ahrens
·
Publicado
2015-09-16
·
Atualizado
2022-05-14
·
CVE-2015-5956
CVSS v2.0
3.5
Baixa
| Vetor | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
TYPO3 versions 4.5.40 and earlier
TYPO3 versions 6.x through 6.2.14
TYPO3 versions 7.x through 7.3.x
Description
The issue allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI. This can be achieved by exploiting the
returnUrl parameter to show rechis.php and the redirect url parameter to index.php.Recommendations
For TYPO3 versions 4.5.40 and earlier, update to version 4.5.41 or later.
For TYPO3 versions 6.x through 6.2.14, update to version 6.2.15 or later.
For TYPO3 versions 7.x through 7.3.x, update to version 7.4.0 or later.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Typo3