CVE-2015-8757

EPSS 0.3%
Veröffentlicht 08.01.2016 19:59:23
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Typo3 ≫ Typo3 Version6.2.0 Updatealpha1

Typo3 ≫ Typo3 Version6.2.0 Updatealpha2

Typo3 ≫ Typo3 Version6.2.0 Updatealpha3

Typo3 ≫ Typo3 Version6.2.0 Updatebeta1

Typo3 ≫ Typo3 Version6.2.0 Updatebeta2

Typo3 ≫ Typo3 Version6.2.0 Updatebeta3

Typo3 ≫ Typo3 Version6.2.0 Updatebeta4

Typo3 ≫ Typo3 Version6.2.0 Updatebeta5

Typo3 ≫ Typo3 Version6.2.0 Updatebeta6

Typo3 ≫ Typo3 Version6.2.0 Updatebeta7

Typo3 ≫ Typo3 Version6.2.0 Updaterc1

Typo3 ≫ Typo3 Version6.2.0 Updaterc2

Typo3 ≫ Typo3 Version6.2.1

Typo3 ≫ Typo3 Version6.2.2

Typo3 ≫ Typo3 Version6.2.3

Typo3 ≫ Typo3 Version6.2.4

Typo3 ≫ Typo3 Version6.2.5

Typo3 ≫ Typo3 Version6.2.6

Typo3 ≫ Typo3 Version6.2.7

Typo3 ≫ Typo3 Version6.2.8

Typo3 ≫ Typo3 Version6.2.9

Typo3 ≫ Typo3 Version6.2.10

Typo3 ≫ Typo3 Version6.2.10 Updaterc1

Typo3 ≫ Typo3 Version6.2.11

Typo3 ≫ Typo3 Version6.2.12

Typo3 ≫ Typo3 Version6.2.13

Typo3 ≫ Typo3 Version6.2.14

Typo3 ≫ Typo3 Version6.2.15

Typo3 ≫ Typo3 Version7.0.0

Typo3 ≫ Typo3 Version7.0.1

Typo3 ≫ Typo3 Version7.0.2

Typo3 ≫ Typo3 Version7.1.0

Typo3 ≫ Typo3 Version7.2.0

Typo3 ≫ Typo3 Version7.3.0

Typo3 ≫ Typo3 Version7.3.1

Typo3 ≫ Typo3 Version7.4.0

Typo3 ≫ Typo3 Version7.5.0

Typo3 ≫ Typo3 Version7.6.0

Typo3 ≫ Typo3 Version7.6.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.525

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-010/

Vendor Advisory

http://www.securityfocus.com/bid/79254

http://www.securitytracker.com/id/1034482

https://nvd.nist.gov/vuln/detail/CVE-2015-8757

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-8757

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-8757

EUVD