[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-5956Date: (C)2015-09-18   (M)2023-12-22


The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.5
Exploit Score: 6.8
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1033551
http://www.securityfocus.com/archive/1/536464/100/0/threaded
http://seclists.org/fulldisclosure/2015/Sep/57
http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/

CPE    48
cpe:/a:typo3:typo3:6.2.10
cpe:/a:typo3:typo3:6.2.13
cpe:/a:typo3:typo3:6.2.14
cpe:/a:typo3:typo3:6.2.11
...
CWE    1
CWE-79

© SecPod Technologies