CVE-2013-7078
N/A
N/A
Summary
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://seclists.org/oss-sec/2013/q4/487
- http://seclists.org/oss-sec/2013/q4/473
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
- http://www.securityfocus.com/bid/64239
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89629
- http://osvdb.org/100885
References
- http://seclists.org/oss-sec/2013/q4/487
- http://seclists.org/oss-sec/2013/q4/473
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
- http://www.securityfocus.com/bid/64239
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89629
- http://osvdb.org/100885
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.