| Vulnerability Name: | CVE-2014-3948 (CCN-93461) | ||||||||
| Assigned: | 2014-05-22 | ||||||||
| Published: | 2014-05-22 | ||||||||
| Updated: | 2014-06-05 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-3948 Source: SECUNIA Type: UNKNOWN 58909 Source: CONFIRM Type: UNKNOWN http://typo3.org/extensions/repository/view/powermail Source: MISC Type: Vendor Advisory http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-007 Source: CCN Type: TYPO3-EXT-SA-2014-007 Arbitrary code execution in extension "powermail" (powermail) Source: MLIST Type: UNKNOWN [oss-security] 20140603 Re: CVE ID request: typo3 Source: CCN Type: BID-67621 TYPO3 Powermail Extension 'HTML Export Wizard' HTML Injection Vulnerability Source: XF Type: UNKNOWN powermail-typo3-xss(93461) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||