CVE-2016-4056
N/A
N/A
Summary
Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.openwall.com/lists/oss-security/2016/04/21/1
- https://labs.integrity.pt/advisories/cve-pending-stored-cross-site-scripting-in-typo3-bookmarks/
- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/
References
- http://www.openwall.com/lists/oss-security/2016/04/21/1
- https://labs.integrity.pt/advisories/cve-pending-stored-cross-site-scripting-in-typo3-bookmarks/
- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.