Home > Vulnerability Database > WS-2018-0218

Mend.io Vulnerability Database

WS-2018-0218

Good to know:

Date: December 11, 2018

TYPO3 7.1.0 through 7.6.31, 8.5.0 through 8.7.20 and 9.0.0 through 9.5.1, fails to properly encode user input, notifications shown in modal windows in the TYPO3 backend are vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability.

Language: JS

Severity Score

4.8

Related Resources (3)

Url: https://github.com/TYPO3/TYPO3.CMS/commit/02cd5c97228cba477d16c68e28309ce25c433ce9

Url: https://typo3.org/security/advisory/typo3-core-sa-2018-006/

Url: https://www.mend.io/vulnerability-database/WS-2018-0218

Severity Score

4.8

Weakness Type (CWE)

Code

CWE-17

Top Fix

Upgrade Version

Upgrade to version TYPO3_7-6-32,TYPO3_8-7-21,v9.5.2

Learn More

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2018-0218

Good to know:

Date: December 11, 2018

Language: JS

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?