| Vulnerability Name: | CVE-2013-7077 (CCN-89626) | ||||||||||||
| Assigned: | 2013-12-10 | ||||||||||||
| Published: | 2013-12-10 | ||||||||||||
| Updated: | 2017-08-29 | ||||||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2013-7077 Source: OSVDB Type: UNKNOWN 100884 Source: MLIST Type: UNKNOWN [oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001 Source: MLIST Type: UNKNOWN [oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001 Source: CCN Type: TYPO3 Web site TYPO3 - The Enterprise Open Source CMS - TYPO3 - The Enterprise Open Source CMS Source: CONFIRM Type: Vendor Advisory http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004 Source: CCN Type: TYPO3-CORE-SA-2013-004 Multiple Vulnerabilities in TYPO3 CMS Source: CCN Type: BID-64244 TYPO3 Backend User Administration Extension Unspecified Cross Site Scripting Vulnerability Source: XF Type: UNKNOWN backenduseradministration-URL-xss(89626) Source: XF Type: UNKNOWN backenduseradministration-URL-xss(89626) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||